Analysis

Category Package Started Completed Duration Options Log
URL ie 2019-08-13 09:51:20 2019-08-13 09:55:25 245 seconds Show Options Show Log
route = internet
procdump = 1
2019-08-13 10:51:21,000 [root] INFO: Date set to: 08-13-19, time set to: 09:51:21, timeout set to: 200
2019-08-13 10:51:21,062 [root] DEBUG: Starting analyzer from: C:\akbpwcffg
2019-08-13 10:51:21,062 [root] DEBUG: Storing results at: C:\DlTCtA
2019-08-13 10:51:21,062 [root] DEBUG: Pipe server name: \\.\PIPE\iknCBnNSVA
2019-08-13 10:51:21,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-08-13 10:51:21,062 [root] INFO: Automatically selected analysis package "ie"
2019-08-13 10:51:22,309 [root] DEBUG: Started auxiliary module Browser
2019-08-13 10:51:22,309 [root] DEBUG: Started auxiliary module Curtain
2019-08-13 10:51:22,309 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-08-13 10:51:22,309 [root] DEBUG: Started auxiliary module DigiSig
2019-08-13 10:51:22,309 [root] DEBUG: Started auxiliary module Disguise
2019-08-13 10:51:22,309 [root] DEBUG: Started auxiliary module Human
2019-08-13 10:51:22,325 [root] DEBUG: Started auxiliary module Screenshots
2019-08-13 10:51:22,325 [root] DEBUG: Started auxiliary module Sysmon
2019-08-13 10:51:22,325 [root] DEBUG: Started auxiliary module Usage
2019-08-13 10:51:22,325 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-08-13 10:51:22,325 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-08-13 10:51:22,357 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""https://www.facebook.com/"" with pid 2480
2019-08-13 10:51:22,357 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 10:51:22,357 [lib.api.process] INFO: 32-bit DLL to inject is C:\akbpwcffg\dll\nGEZCpvY.dll, loader C:\akbpwcffg\bin\CyiOcby.exe
2019-08-13 10:51:22,700 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\iknCBnNSVA.
2019-08-13 10:51:22,700 [root] DEBUG: Loader: Injecting process 2480 (thread 1432) with C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:22,700 [root] DEBUG: Process image base: 0x01330000
2019-08-13 10:51:22,700 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:22,700 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x013D6000 - 0x77380000
2019-08-13 10:51:22,700 [root] DEBUG: InjectDllViaIAT: Allocated 0x218 bytes for new import table at 0x013E0000.
2019-08-13 10:51:22,700 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 10:51:22,700 [root] DEBUG: Successfully injected DLL C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:22,700 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2480
2019-08-13 10:51:24,711 [lib.api.process] INFO: Successfully resumed process with pid 2480
2019-08-13 10:51:24,711 [root] INFO: Added new process to list with pid: 2480
2019-08-13 10:51:25,009 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 10:51:25,023 [root] DEBUG: Process dumps enabled.
2019-08-13 10:51:25,398 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:25,398 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 10:51:25,398 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:25,398 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:25,398 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:25,398 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2480 at 0x747a0000, image base 0x1330000, stack from 0x1b2000-0x1c0000
2019-08-13 10:51:25,398 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https:\www.facebook.com\".
2019-08-13 10:51:25,398 [root] INFO: Monitor successfully loaded in process with pid 2480.
2019-08-13 10:51:25,569 [root] DEBUG: DLL unloaded from 0x76940000.
2019-08-13 10:51:25,789 [root] DEBUG: DLL loaded at 0x731E0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-08-13 10:51:25,881 [root] DEBUG: DLL loaded at 0x74B60000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-08-13 10:51:25,944 [root] DEBUG: DLL loaded at 0x74600000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-08-13 10:51:26,240 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\profapi (0xb000 bytes).
2019-08-13 10:51:26,272 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-08-13 10:51:26,272 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-08-13 10:51:26,288 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-08-13 10:51:26,288 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-08-13 10:51:26,288 [root] DEBUG: DLL loaded at 0x74B20000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-08-13 10:51:26,319 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-08-13 10:51:26,427 [root] DEBUG: DLL loaded at 0x745A0000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-08-13 10:51:26,427 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-08-13 10:51:26,444 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-08-13 10:51:26,460 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-08-13 10:51:26,460 [root] DEBUG: DLL loaded at 0x74B10000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-08-13 10:51:26,474 [root] DEBUG: DLL unloaded from 0x745A0000.
2019-08-13 10:51:26,661 [root] DEBUG: DLL loaded at 0x768C0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-08-13 10:51:27,068 [root] DEBUG: DLL loaded at 0x745C0000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-08-13 10:51:27,145 [root] DEBUG: DLL unloaded from 0x75760000.
2019-08-13 10:51:27,145 [root] DEBUG: DLL unloaded from 0x77050000.
2019-08-13 10:51:27,207 [root] DEBUG: DLL unloaded from 0x745C0000.
2019-08-13 10:51:27,207 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-08-13 10:51:27,207 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-08-13 10:51:27,255 [root] DEBUG: DLL unloaded from 0x77560000.
2019-08-13 10:51:27,332 [root] DEBUG: DLL loaded at 0x74B00000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-08-13 10:51:27,707 [root] DEBUG: DLL unloaded from 0x75530000.
2019-08-13 10:51:27,707 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-08-13 10:51:27,707 [root] DEBUG: DLL unloaded from 0x01330000.
2019-08-13 10:51:27,753 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1668
2019-08-13 10:51:27,753 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 10:51:27,753 [lib.api.process] INFO: 32-bit DLL to inject is C:\akbpwcffg\dll\nGEZCpvY.dll, loader C:\akbpwcffg\bin\CyiOcby.exe
2019-08-13 10:51:27,753 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\iknCBnNSVA.
2019-08-13 10:51:27,753 [root] DEBUG: Loader: Injecting process 1668 (thread 1444) with C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:27,753 [root] DEBUG: Process image base: 0x01330000
2019-08-13 10:51:27,753 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:27,753 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x013D6000 - 0x77380000
2019-08-13 10:51:27,753 [root] DEBUG: InjectDllViaIAT: Allocated 0x218 bytes for new import table at 0x013E0000.
2019-08-13 10:51:27,753 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 10:51:27,753 [root] DEBUG: Successfully injected DLL C:\akbpwcffg\dll\nGEZCpvY.dll.
2019-08-13 10:51:27,753 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1668
2019-08-13 10:51:27,753 [root] DEBUG: DLL loaded at 0x745A0000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-08-13 10:51:27,753 [root] DEBUG: DLL loaded at 0x74580000: C:\Windows\system32\rasman (0x15000 bytes).
2019-08-13 10:51:27,753 [root] DEBUG: DLL unloaded from 0x745A0000.
2019-08-13 10:51:27,753 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 10:51:27,753 [root] DEBUG: Process dumps enabled.
2019-08-13 10:51:27,769 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:27,769 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 10:51:27,769 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1668 at 0x747a0000, image base 0x1330000, stack from 0x3c2000-0x3d0000
2019-08-13 10:51:27,769 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:79873.
2019-08-13 10:51:27,769 [root] INFO: Added new process to list with pid: 1668
2019-08-13 10:51:27,769 [root] INFO: Monitor successfully loaded in process with pid 1668.
2019-08-13 10:51:27,769 [root] DEBUG: DLL unloaded from 0x76940000.
2019-08-13 10:51:27,769 [root] DEBUG: DLL loaded at 0x731E0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-08-13 10:51:27,769 [root] DEBUG: DLL loaded at 0x74B60000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-08-13 10:51:27,769 [root] DEBUG: DLL loaded at 0x74600000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-08-13 10:51:27,769 [root] DEBUG: DLL loaded at 0x768C0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-08-13 10:51:27,786 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-08-13 10:51:27,786 [root] DEBUG: DLL unloaded from 0x74AF0000.
2019-08-13 10:51:27,786 [root] DEBUG: DLL unloaded from 0x74580000.
2019-08-13 10:51:27,832 [root] DEBUG: DLL loaded at 0x74530000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-08-13 10:51:27,832 [root] DEBUG: DLL loaded at 0x74540000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-08-13 10:51:27,832 [root] DEBUG: DLL unloaded from 0x75370000.
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74F00000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74EF0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74520000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-08-13 10:51:27,848 [root] DEBUG: DLL loaded at 0x74510000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-08-13 10:51:27,878 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-08-13 10:51:27,910 [root] DEBUG: DLL loaded at 0x74B10000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-08-13 10:51:27,926 [root] DEBUG: DLL loaded at 0x74490000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-08-13 10:51:27,926 [root] DEBUG: DLL unloaded from 0x75760000.
2019-08-13 10:51:27,926 [root] DEBUG: DLL unloaded from 0x77050000.
2019-08-13 10:51:27,926 [root] DEBUG: DLL unloaded from 0x74490000.
2019-08-13 10:51:27,941 [root] DEBUG: DLL loaded at 0x74470000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-08-13 10:51:27,941 [root] DEBUG: DLL loaded at 0x74450000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-08-13 10:51:27,941 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-08-13 10:51:27,941 [root] DEBUG: DLL unloaded from 0x74B30000.
2019-08-13 10:51:27,941 [root] DEBUG: DLL unloaded from 0x74450000.
2019-08-13 10:51:27,973 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-08-13 10:51:27,973 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-08-13 10:51:27,973 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-08-13 10:51:27,973 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-08-13 10:51:27,973 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-08-13 10:51:27,973 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-08-13 10:51:27,987 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1708
2019-08-13 10:51:27,987 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 10:51:28,003 [lib.api.process] INFO: 64-bit DLL to inject is C:\akbpwcffg\dll\krOjynD.dll, loader C:\akbpwcffg\bin\rZKcoxPg.exe
2019-08-13 10:51:28,003 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-08-13 10:51:28,003 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-08-13 10:51:28,035 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\iknCBnNSVA.
2019-08-13 10:51:28,035 [root] DEBUG: Loader: Injecting process 1708 (thread 0) with C:\akbpwcffg\dll\krOjynD.dll.
2019-08-13 10:51:28,035 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-08-13 10:51:28,035 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 10:51:28,035 [root] DEBUG: Process dumps enabled.
2019-08-13 10:51:28,035 [root] INFO: Disabling sleep skipping.
2019-08-13 10:51:28,065 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\profapi (0xb000 bytes).
2019-08-13 10:51:28,176 [root] WARNING: Unable to place hook on LockResource
2019-08-13 10:51:28,176 [root] WARNING: Unable to hook LockResource
2019-08-13 10:51:28,378 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1708 at 0x0000000074260000, image base 0x00000000FFA80000, stack from 0x0000000004622000-0x0000000004630000
2019-08-13 10:51:28,378 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-08-13 10:51:28,378 [root] INFO: Added new process to list with pid: 1708
2019-08-13 10:51:28,378 [root] INFO: Monitor successfully loaded in process with pid 1708.
2019-08-13 10:51:28,378 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-08-13 10:51:28,378 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-08-13 10:51:28,378 [root] DEBUG: Successfully injected DLL C:\akbpwcffg\dll\krOjynD.dll.
2019-08-13 10:51:28,487 [root] DEBUG: DLL loaded at 0x74230000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-08-13 10:51:28,549 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-08-13 10:51:28,706 [root] DEBUG: DLL loaded at 0x741F0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-08-13 10:51:28,767 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-08-13 10:51:28,783 [root] DEBUG: DLL unloaded from 0x74340000.
2019-08-13 10:51:28,815 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-08-13 10:51:28,956 [root] DEBUG: DLL loaded at 0x74160000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-08-13 10:51:29,424 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-08-13 10:51:29,424 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-08-13 10:51:29,424 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-08-13 10:51:29,438 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-08-13 10:51:29,486 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-08-13 10:51:29,611 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-08-13 10:51:29,641 [root] DEBUG: DLL loaded at 0x73F90000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-08-13 10:51:29,657 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-08-13 10:51:29,782 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x74B20000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-08-13 10:51:29,798 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-08-13 10:51:29,813 [root] DEBUG: DLL loaded at 0x741F0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-08-13 10:51:29,813 [root] DEBUG: DLL loaded at 0x73E30000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-08-13 10:51:29,875 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-08-13 10:51:29,891 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-08-13 10:51:29,907 [root] DEBUG: DLL loaded at 0x75520000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-08-13 10:51:29,907 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-08-13 10:51:29,923 [root] DEBUG: DLL loaded at 0x74160000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-08-13 10:51:29,937 [root] DEBUG: DLL loaded at 0x73DE0000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-08-13 10:51:29,937 [root] DEBUG: DLL loaded at 0x73D40000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-08-13 10:51:29,953 [root] DEBUG: DLL loaded at 0x73150000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-08-13 10:51:30,000 [root] DEBUG: DLL loaded at 0x73D30000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-08-13 10:51:30,234 [root] DEBUG: DLL unloaded from 0x75370000.
2019-08-13 10:51:30,282 [root] DEBUG: DLL loaded at 0x73010000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-08-13 10:51:30,282 [root] DEBUG: DLL loaded at 0x74B00000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-08-13 10:51:30,282 [root] DEBUG: DLL loaded at 0x73140000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-08-13 10:51:30,296 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-08-13 10:51:30,296 [root] DEBUG: DLL loaded at 0x73120000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-08-13 10:51:30,344 [root] DEBUG: DLL loaded at 0x73110000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-08-13 10:51:30,375 [root] DEBUG: DLL loaded at 0x72F50000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-08-13 10:51:30,391 [root] DEBUG: set_caller_info: Adding region at 0x04470000 to caller regions list (ntdll::LdrLoadDll).
2019-08-13 10:51:30,421 [root] DEBUG: set_caller_info: Adding region at 0x008D0000 to caller regions list (advapi32::RegOpenKeyExA).
2019-08-13 10:51:30,421 [root] DEBUG: DLL unloaded from 0x75530000.
2019-08-13 10:51:30,437 [root] DEBUG: DLL loaded at 0x730B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-08-13 10:51:30,483 [root] DEBUG: DLL loaded at 0x745A0000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-08-13 10:51:30,483 [root] DEBUG: DLL loaded at 0x74580000: C:\Windows\system32\rasman (0x15000 bytes).
2019-08-13 10:51:30,500 [root] DEBUG: DLL unloaded from 0x745A0000.
2019-08-13 10:51:30,500 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-08-13 10:51:30,500 [root] DEBUG: DLL unloaded from 0x74580000.
2019-08-13 10:51:44,352 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF2C10000 to caller regions list (ntdll::NtDuplicateObject).
2019-08-13 10:51:44,368 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF86E0000 to caller regions list (ntdll::NtDuplicateObject).
2019-08-13 10:51:44,368 [root] DEBUG: DLL unloaded from 0x000007FEF59C0000.
2019-08-13 10:51:44,368 [root] DEBUG: DLL unloaded from 0x000007FEFA5F0000.
2019-08-13 10:51:44,368 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA5F0000 to caller regions list (ntdll::NtClose).
2019-08-13 10:51:44,368 [root] DEBUG: DLL unloaded from 0x000007FEFBAB0000.
2019-08-13 10:51:44,368 [root] DEBUG: DLL unloaded from 0x000007FEF9740000.
2019-08-13 10:51:44,384 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9740000 to caller regions list (ntdll::NtFreeVirtualMemory).
2019-08-13 10:51:44,384 [root] DEBUG: DLL unloaded from 0x000007FEF9C60000.
2019-08-13 10:51:44,384 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9C60000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-08-13 10:51:44,400 [root] DEBUG: DLL unloaded from 0x000007FEF96B0000.
2019-08-13 10:51:44,400 [root] DEBUG: DLL unloaded from 0x000007FEFA1D0000.
2019-08-13 10:51:44,400 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA1D0000 to caller regions list (ntdll::NtClose).
2019-08-13 10:51:44,400 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA100000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-08-13 10:51:56,755 [root] DEBUG: DLL unloaded from 0x000007FEFDF10000.
2019-08-13 10:51:58,782 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-08-13 10:54:46,499 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-08-13 10:54:46,499 [root] INFO: Created shutdown mutex.
2019-08-13 10:54:47,513 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 2480
2019-08-13 10:54:47,513 [root] INFO: Terminate event set for process 2480.
2019-08-13 10:54:47,513 [root] INFO: Terminating process 2480 before shutdown.
2019-08-13 10:54:47,513 [root] INFO: Waiting for process 2480 to exit.
2019-08-13 10:54:47,513 [root] DEBUG: Terminate Event: Attempting to dump process 2480
2019-08-13 10:54:47,513 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01330000.
2019-08-13 10:54:47,513 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01330000.
2019-08-13 10:54:47,513 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-08-13 10:54:47,543 [root] INFO: Added new CAPE file to list with path: C:\DlTCtA\CAPE\2480_16471793604754913282019
2019-08-13 10:54:47,543 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa2a00.
2019-08-13 10:54:48,526 [root] INFO: Terminating process 1668 before shutdown.
2019-08-13 10:54:48,526 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1708
2019-08-13 10:54:48,526 [root] INFO: Terminate event set for process 1708.
2019-08-13 10:54:48,526 [root] DEBUG: Terminate Event: Attempting to dump process 1708
2019-08-13 10:54:48,526 [root] INFO: Terminating process 1708 before shutdown.
2019-08-13 10:54:48,526 [root] INFO: Waiting for process 1708 to exit.
2019-08-13 10:54:48,526 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FFA80000.
2019-08-13 10:54:48,526 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FFA80000.
2019-08-13 10:54:48,526 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-08-13 10:54:48,605 [root] INFO: Added new CAPE file to list with path: C:\DlTCtA\CAPE\1708_15384000404854913282019
2019-08-13 10:54:48,605 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2bd200.
2019-08-13 10:54:49,530 [root] INFO: Shutting down package.
2019-08-13 10:54:49,530 [root] INFO: Stopping auxiliary modules.
2019-08-13 10:54:49,530 [root] INFO: Finishing auxiliary modules.
2019-08-13 10:54:49,530 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-08-13 10:54:49,530 [root] WARNING: File at path "C:\DlTCtA\debugger" does not exist, skip.
2019-08-13 10:54:49,530 [root] INFO: Analysis completed.

MalScore

2.0

Benign

Machine

Name Label Manager Started On Shutdown On
target-02 target-02 ESX 2019-08-13 09:51:20 2019-08-13 09:55:22

URL Details

URL
https://www.facebook.com/

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: IEUI.dll/InitGadgets
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: propsys.dll/PSGetPropertyKeyFromName
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_GetIconSize
DynamicLoader: UxTheme.dll/IsCompositionActive
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: MSCTF.dll/SetInputScopes2
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: urlmon.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: IEUI.dll/CreateGadget
DynamicLoader: IEUI.dll/SetGadgetMessageFilter
DynamicLoader: IEUI.dll/SetGadgetStyle
DynamicLoader: IEUI.dll/SetGadgetRootInfo
DynamicLoader: xmllite.dll/CreateXmlReader
DynamicLoader: xmllite.dll/CreateXmlReaderInputWithEncodingName
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: IEUI.dll/FindStdColor
DynamicLoader: IEUI.dll/InvalidateGadget
DynamicLoader: IEUI.dll/SetGadgetParent
DynamicLoader: IEUI.dll/GetGadgetTicket
DynamicLoader: IEUI.dll/SetGadgetRect
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: IEUI.dll/PeekMessageExW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: msfeeds.dll/MsfeedsCreateInstance
DynamicLoader: SHELL32.dll/SHGetSpecialFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/SHCreateDirectoryExW
DynamicLoader: WININET.dll/FindFirstUrlCacheContainerW
DynamicLoader: WININET.dll/FindNextUrlCacheContainerW
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: MSIMG32.dll/GradientFill
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: IEUI.dll/WaitMessageEx
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: SHELL32.dll/SetCurrentProcessExplicitAppUserModelID
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: IEFRAME.dll/
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: comctl32.dll/PropertySheetW
DynamicLoader: comctl32.dll/PropertySheetA
DynamicLoader: comdlg32.dll/PageSetupDlgW
DynamicLoader: comdlg32.dll/PrintDlgW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: IEShims.dll/IEShims_Initialize
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: USER32.dll/FindWindowExA
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: ntdll.dll/LdrRegisterDllNotification
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: kernel32.dll/WerUnregisterMemoryBlock
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: RPCRT4.dll/RpcServerUseProtseqW
DynamicLoader: RPCRT4.dll/RpcServerRegisterIfEx
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: RPCRT4.dll/RpcServerInqBindings
DynamicLoader: RPCRT4.dll/RpcEpRegisterW
DynamicLoader: RPCRT4.dll/RpcServerListen
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: USER32.dll/RegisterClassExW
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: sqmapi.dll/SqmGetSession
DynamicLoader: sqmapi.dll/SqmEndSession
DynamicLoader: sqmapi.dll/SqmStartSession
DynamicLoader: sqmapi.dll/SqmStartUpload
DynamicLoader: sqmapi.dll/SqmWaitForUploadComplete
DynamicLoader: sqmapi.dll/SqmSet
DynamicLoader: sqmapi.dll/SqmSetBool
DynamicLoader: sqmapi.dll/SqmSetBits
DynamicLoader: sqmapi.dll/SqmSetString
DynamicLoader: sqmapi.dll/SqmIncrement
DynamicLoader: sqmapi.dll/SqmSetIfMax
DynamicLoader: sqmapi.dll/SqmSetIfMin
DynamicLoader: sqmapi.dll/SqmAddToAverage
DynamicLoader: sqmapi.dll/SqmAddToStreamDWord
DynamicLoader: sqmapi.dll/SqmAddToStreamString
DynamicLoader: sqmapi.dll/SqmSetAppId
DynamicLoader: sqmapi.dll/SqmSetAppVersion
DynamicLoader: sqmapi.dll/SqmSetMachineId
DynamicLoader: sqmapi.dll/SqmSetUserId
DynamicLoader: sqmapi.dll/SqmCreateNewId
DynamicLoader: sqmapi.dll/SqmReadSharedMachineId
DynamicLoader: sqmapi.dll/SqmReadSharedUserId
DynamicLoader: sqmapi.dll/SqmWriteSharedMachineId
DynamicLoader: sqmapi.dll/SqmWriteSharedUserId
DynamicLoader: sqmapi.dll/SqmIsWindowsOptedIn
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: SHELL32.dll/SHChangeNotifyRegisterThread
DynamicLoader: comctl32.dll/
DynamicLoader: IEShims.dll/IEShims_SetRedirectRegistryForThread
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: comctl32.dll/ImageList_Destroy
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_Add
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW
DynamicLoader: MLANG.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExA
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: urlmon.dll/
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: AcroIEHelper.dll/StubInit
DynamicLoader: AcroIEHelper.dll/StubSetSite
DynamicLoader: AcroIEHelper.dll/StubOnQuit
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: RASAPI32.dll/RasEnumEntriesW
DynamicLoader: rtutils.dll/TracePrintfExA
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: SHLWAPI.dll/PathCanonicalizeW
DynamicLoader: SHLWAPI.dll/PathRemoveFileSpecW
DynamicLoader: SHLWAPI.dll/PathFindFileNameW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids
DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids

Screenshots


Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF5A721F43D4800586.TMP
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\url.dll
C:\Users\user\Favorites\Links
C:\
C:\Users
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
\??\MountPointManager
C:\Users\desktop.ini
C:\Users\user
C:\Users\user\Favorites
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EA12C5E6-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Users\user\AppData\Local\Temp\~DF23B6BA1E9D57C9F1.TMP
C:\Users\user\Favorites\Links\Web Slice Gallery.url
C:\Users\user\AppData\Local\Microsoft\Feeds
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)
C:\Program Files (x86)\Microsoft Office
C:\Program Files (x86)\Microsoft Office\Office14
C:\Program Files (x86)\Microsoft Office\Office14\*.*
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre7\bin\server\jvm.dll
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Windows\SysWOW64\ieframe.dll
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\user\Desktop
C:\Users\Public\Desktop
C:\Users\Public
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\Searches
C:\Users\user\Searches\desktop.ini
C:\Users\user\Videos
C:\Users\user\Videos\desktop.ini
C:\Users\user\Pictures
C:\Users\user\Pictures\desktop.ini
C:\Users\user\Contacts
C:\Users\user\Contacts\desktop.ini
C:\Users\user\Music
C:\Users\user\Music\desktop.ini
C:\Users\user\Downloads
C:\Users\user\Downloads\desktop.ini
C:\Users\user\Documents
C:\Users\user\Documents\desktop.ini
C:\Users\user\Links
C:\Users\user\Links\desktop.ini
C:\Users\user\Saved Games
C:\Users\user\Saved Games\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\Desktop\CapeOutput.bin
C:\Users\Public\Desktop\CapeOutput.bin
C:\Users\user\AppData
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF5A721F43D4800586.TMP
C:\Windows\System32\url.dll
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EA12C5E6-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Users\user\AppData\Local\Temp\~DF23B6BA1E9D57C9F1.TMP
C:\Users\user\Favorites\Links
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Windows\SysWOW64\ieframe.dll
C:\Users\Public\desktop.ini
C:\Users\Public
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\Searches\desktop.ini
C:\Users\user\Videos\desktop.ini
C:\Users\user\Pictures\desktop.ini
C:\Users\user\Contacts\desktop.ini
C:\Users\user\Music\desktop.ini
C:\Users\user\Downloads\desktop.ini
C:\Users\user\Documents\desktop.ini
C:\Users\user\Links\desktop.ini
C:\Users\user\Saved Games\desktop.ini
C:\Users\user\Desktop
C:\Users\Public\Desktop
C:\Users\user\AppData
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Users\user\AppData\Local\Temp\~DF5A721F43D4800586.TMP
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EA12C5E6-BDAF-11E9-A15D-000C29BA3DA7}.dat
C:\Users\user\AppData\Local\Temp\~DF23B6BA1E9D57C9F1.TMP
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Groups
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\IE8RunOnceLastShown
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Position
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Migration
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseIE7AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchControlWidth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigrated
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedInstalled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SortIndex
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\TestHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\CascadeFolderBands
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\CascadeFolderBands
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\DefaultItemWidth
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterTimerInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterDisable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsThreshold
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\clsid
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\clsid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
HKEY_CURRENT_USER\Software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Classes\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
\xe0\xbf\x98\xc2\xb4EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Marlett
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SQM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_CURRENT_USER\Software\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18df081c-e8ad-4283-a596-fa578c2ebdc3}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\AcroIEHelperShim.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b4f3a835-0e21-4959-ba22-42b3008e02ff}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\URLREDIR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dbc80044-a445-435b-bc74-9c25c1c588a9}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\jp2ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0\UseNewJavaPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0\JavaHome
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
HKEY_CURRENT_USER\Software\Microsoft\Security
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\NoStartPageAppUserModelIDs
HKEY_CLASSES_ROOT\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\UseExecutableForTaskbarGroupIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\TaskbarExceptionsIcons
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\UsersFiles\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\UsersFiles\NameSpace\DelegateFolders
HKEY_CLASSES_ROOT\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CLASSES_ROOT\.bin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\(Default)
HKEY_CLASSES_ROOT\.bin\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Unknown
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.bin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Groups
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\IE8RunOnceLastShown
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Position
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseIE7AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchControlWidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigrated
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedInstalled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SortIndex
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\TestHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\CascadeFolderBands
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\CascadeFolderBands
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\DefaultItemWidth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterTimerInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterDisable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
\xe0\xbf\x98\xc2\xb4EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\StatusBarWeb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0\UseNewJavaPlugin
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0\JavaHome
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
\xe8\x81\xa8\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\UseExecutableForTaskbarGroupIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
comctl32.dll.LoadIconWithScaleDown
ieui.dll.InitGadgets
ieproxy.dll.DllGetClassObject
ieproxy.dll.DllCanUnloadNow
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
ole32.dll.CoInitializeEx
propsys.dll.PSGetPropertyKeyFromName
user32.dll.MsgWaitForMultipleObjectsEx
uxtheme.dll.OpenThemeData
comctl32.dll.#410
uxtheme.dll.IsAppThemed
comctl32.dll.ImageList_LoadImageW
comctl32.dll.ImageList_GetIconSize
uxtheme.dll.IsCompositionActive
uxtheme.dll.SetWindowTheme
comctl32.dll.ImageList_Create
comctl32.dll.ImageList_ReplaceIcon
oleaut32.dll.#10
comctl32.dll.ImageList_AddMasked
oleaut32.dll.#2
oleaut32.dll.#6
imm32.dll.ImmIsIME
urlmon.dll.CoInternetCreateSecurityManager
msctf.dll.SetInputScopes2
uxtheme.dll.EnableThemeDialogTexture
urlmon.dll.#408
ole32.dll.CreateBindCtx
uxtheme.dll.IsThemeActive
comctl32.dll.#328
comctl32.dll.#334
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
advapi32.dll.RegEnumKeyW
setupapi.dll.CM_Get_Device_Interface_List_ExW
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
advapi32.dll.SetSecurityDescriptorDacl
comctl32.dll.#332
advapi32.dll.IsTextUnicode
comctl32.dll.#338
comctl32.dll.#386
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteStr
ole32.dll.PropVariantClear
oleaut32.dll.#9
propsys.dll.PSPropertyBag_WriteGUID
propsys.dll.PSPropertyBag_ReadGUID
ieui.dll.CreateGadget
ieui.dll.SetGadgetMessageFilter
ieui.dll.SetGadgetStyle
ieui.dll.SetGadgetRootInfo
xmllite.dll.CreateXmlReader
xmllite.dll.CreateXmlReaderInputWithEncodingName
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
ieui.dll.FindStdColor
ieui.dll.InvalidateGadget
ieui.dll.SetGadgetParent
ieui.dll.GetGadgetTicket
ieui.dll.SetGadgetRect
urlmon.dll.#103
urlmon.dll.#105
kernel32.dll.GetThreadUILanguage
ole32.dll.CoRegisterInitializeSpy
shell32.dll.SHGetInstanceExplorer
wininet.dll.InternetSetOptionW
user32.dll.PostMessageW
user32.dll.PeekMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
rpcrt4.dll.RpcBindingToStringBindingW
rpcrt4.dll.RpcStringBindingParseW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.I_RpcBindingInqLocalClientPID
rpcrt4.dll.RpcServerInqCallAttributesW
rpcrt4.dll.RpcImpersonateClient
rpcrt4.dll.RpcRevertToSelf
rpcrt4.dll.NdrServerCall2
rpcrt4.dll.RpcBindingInqObject
ieui.dll.PeekMessageExW
ole32.dll.CoInitialize
ole32.dll.RegisterDragDrop
msfeeds.dll.MsfeedsCreateInstance
shell32.dll.SHGetSpecialFolderPathW
shell32.dll.#66
shell32.dll.SHGetFolderPathW
shell32.dll.SHCreateDirectoryExW
wininet.dll.FindFirstUrlCacheContainerW
wininet.dll.FindNextUrlCacheContainerW
wininet.dll.FindCloseUrlCache
msimg32.dll.GradientFill
gdi32.dll.GetTextExtentExPointWPri
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
user32.dll.GetWindowLongW
user32.dll.IsWindow
user32.dll.SendMessageW
rpcrt4.dll.RpcBindingFree
ieui.dll.WaitMessageEx
advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetProcessDEPPolicy
user32.dll.SetProcessDPIAware
shell32.dll.SetCurrentProcessExplicitAppUserModelID
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ieframe.dll.#251
kernel32.dll.WerSetFlags
comctl32.dll.PropertySheetW
comctl32.dll.PropertySheetA
comdlg32.dll.PageSetupDlgW
comdlg32.dll.PrintDlgW
ieshims.dll.IEShims_Initialize
kernel32.dll.VirtualProtect
user32.dll.SetWindowsHookExW
user32.dll.FindWindowExA
kernel32.dll.WaitForSingleObject
kernel32.dll.CreateProcessW
kernel32.dll.CreateProcessA
advapi32.dll.RegQueryValueA
ntdll.dll.LdrRegisterDllNotification
ole32.dll.CoGetApartmentType
comctl32.dll.#236
ole32.dll.CoGetMalloc
cryptbase.dll.SystemFunction036
kernel32.dll.WerRegisterMemoryBlock
kernel32.dll.WerUnregisterMemoryBlock
user32.dll.RegisterWindowMessageW
rpcrt4.dll.RpcServerUseProtseqW
rpcrt4.dll.RpcServerRegisterIfEx
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
rpcrt4.dll.RpcServerInqBindings
rpcrt4.dll.RpcEpRegisterW
rpcrt4.dll.RpcServerListen
user32.dll.RegisterClassExW
user32.dll.CreateWindowExW
user32.dll.DefWindowProcW
user32.dll.SetWindowLongW
urlmon.dll.#400
advapi32.dll.TraceMessage
advapi32.dll.TraceMessageVa
kernel32.dll.IsWow64Process
sqmapi.dll.SqmGetSession
sqmapi.dll.SqmEndSession
sqmapi.dll.SqmStartSession
sqmapi.dll.SqmStartUpload
sqmapi.dll.SqmWaitForUploadComplete
sqmapi.dll.SqmSet
sqmapi.dll.SqmSetBool
sqmapi.dll.SqmSetBits
sqmapi.dll.SqmSetString
sqmapi.dll.SqmIncrement
sqmapi.dll.SqmSetIfMax
sqmapi.dll.SqmSetIfMin
sqmapi.dll.SqmAddToAverage
sqmapi.dll.SqmAddToStreamDWord
sqmapi.dll.SqmAddToStreamString
sqmapi.dll.SqmSetAppId
sqmapi.dll.SqmSetAppVersion
sqmapi.dll.SqmSetMachineId
sqmapi.dll.SqmSetUserId
sqmapi.dll.SqmCreateNewId
sqmapi.dll.SqmReadSharedMachineId
sqmapi.dll.SqmReadSharedUserId
sqmapi.dll.SqmWriteSharedMachineId
sqmapi.dll.SqmWriteSharedUserId
sqmapi.dll.SqmIsWindowsOptedIn
advapi32.dll.OpenThreadToken
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
ntmarta.dll.GetMartaExtensionInterface
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
shell32.dll.SHChangeNotifyRegisterThread
comctl32.dll.#4
ieshims.dll.IEShims_SetRedirectRegistryForThread
apphelp.dll.ApphelpCheckShellObject
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_Add
wininet.dll.GetUrlCacheEntryInfoExW
mlang.dll.#112
wininet.dll.GetUrlCacheEntryInfoExA
wininet.dll.InternetQueryOptionA
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
urlmon.dll.#104
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
acroiehelper.dll.StubInit
acroiehelper.dll.StubSetSite
acroiehelper.dll.StubOnQuit
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegEnumKeyA
advapi32.dll.RegEnumKeyExA
shlwapi.dll.PathFileExistsA
urlmon.dll.CreateUri
advapi32.dll.AddMandatoryAce
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
wininet.dll.GetUrlCacheEntryInfoW
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueW
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
rasapi32.dll.RasConnectionNotificationW
rasapi32.dll.RasEnumEntriesW
rtutils.dll.TracePrintfExA
shlwapi.dll.PathCanonicalizeW
shlwapi.dll.PathRemoveFileSpecW
shlwapi.dll.PathFindFileNameW
sechost.dll.NotifyServiceStatusChangeA
ntdll.dll.EtwUnregisterTraceGuids
Local\ZonesCounterMutex
Local\MSCTF.Asm.MutexDefault1
Local\RSS Eventing Connection Database Mutex 000009b0
Local\Feed Eventing Shared Memory Mutex S-1-5-21-120665959-548228820-2376508522-1001
IESQMMUTEX_0_208
Local\WininetStartupMutex
Local\!IETld!Mutex
Local\c:!users!user!appdata!local!microsoft!feeds cache!
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex

WHOIS Information

Name: Domain Admin
Country: US
State: CA
City: Menlo Park
ZIP Code: 94025
Address: 1601 Willow Rd

Orginization: Facebook, Inc.
Domain Name(s):
    FACEBOOK.COM
Creation Date:
    1997-03-29 05:00:00
Updated Date:
    2018-07-23 18:17:13
Expiration Date:
    2028-03-30 04:00:00
Email(s):
    abusecomplaints@registrarsafe.com
    domain@fb.com

Registrar(s):
    RegistrarSafe, LLC
Name Server(s):
    A.NS.FACEBOOK.COM
    B.NS.FACEBOOK.COM
Referral URL(s):
    None
This file is not on VirusTotal.

Process Tree


iexplore.exe, PID: 2480, Parent PID: 2672
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https://www.facebook.com/"
iexplore.exe, PID: 1668, Parent PID: 2480
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:79873
explorer.exe, PID: 1708, Parent PID: 1660
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name {EA12C5E6-BDAF-11E9-A15D-000C29BA3DA7}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EA12C5E6-BDAF-11E9-A15D-000C29BA3DA7}.dat
File Size 4096 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d21ff7f4b063adf2477facbc7cc02bbc
SHA1 85d6d6f45e3496c7dbc08083e9c24815dd0a9c6b
SHA256 f0e5024e57d9a8fa8f9a6c6b12c03392a15e2bf1a189389beac8e1e8c5c5e0a9
CRC32 0F12C340
Ssdeep 12:rl0YmGFLrEgm8GL7KF/jrEgm8Gz7qPNlCgiNl26a1t:r5G8PjG8JNlLiNlI1t
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name RecoveryStore.{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EA12C5E5-BDAF-11E9-A15D-000C29BA3DA7}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, No summary info
MD5 4540588795579a02026af7039e437aff
SHA1 fa709fc43c559b12d9936932185ebd3dd0269c16
SHA256 dfca521992df7d5b49a58f4a848cf3a5dadfaf99f063a8a1461f896fcd3f8546
CRC32 8B5F8F90
Ssdeep 12:rl0YmGF2CQrEg5+IaCrI017+Fa3DrEgmf+IaCy8qgQNlTq1tkanXR:rICQ5/xGv/TQNlW1tLnB
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 15f1793d145ef06def1cba376628eef7
SHA1 b267c307bdb05bc416fa9a058b804f13e27afa57
SHA256 fe25e0555372ef6dce5e8510446a4441ab2c289bfcca834e9afbd45601da2622
CRC32 7BD6EC3E
Ssdeep 3:qRFiJ2totWIltvlVl:qjyx
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 e02b5c7b25280da487209bd48b4163f9
SHA1 7d440a9292567af8570c34e52d03aed14405ae00
SHA256 42bc5d24dab11bbeb8fd93b797b3c5b7e70fee667293a32691767580f1a01a73
CRC32 9703369D
Ssdeep 48:qsLf/ZJLH3ZxqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qsb/Zp/q0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 d6be67cde3eb8449a6b548dc7aa202cb
SHA1 3c06a401e85c3560dd5ebf59d30f1e1dccbe85bf
SHA256 373059c3e90f31c9467d294f83af774c2a61110c2bee075d7aece1e7950d1e9c
CRC32 E0397E0D
Ssdeep 384:tBwjxBNPrNa73dg3skdVQnQeW+4fTJ16ziXrAsjCCtn/NJ03:YBNaCdBr/CSl
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
Sorry! No CAPE files.
Process Name iexplore.exe
PID 2480
Dump Size 666112 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE imageexecutable
MD5 e8dcda713000650c02eca62b452dadbe
SHA1 b259333f856a8feed05e04d03860fd7460fd9c0a
SHA256 b3f8db4621c4bf686e557ea0a5df57d95ea0611028fe620ed2c3e1fe4d12fe62
CRC32 5FEE7C2D
Ssdeep 12288:DPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+Y:DE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename b3f8db4621c4bf686e557ea0a5df57d95ea0611028fe620ed2c3e1fe4d12fe62
Download
Process Name explorer.exe
PID 1708
Dump Size 2871808 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 d76819f7f05bd81bb22791872a384170
SHA1 9d853a1cd4aa6bf84d02585a0e1a7abf6dabe2ef
SHA256 d7b4aa5b8901ef5b8bed4a16e8bc4fb50dbd8302a16c647dd5ebb2874759a941
CRC32 6016C830
Ssdeep 49152:xxrceI/lIRYraisQhFCU4NsvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojosod:7rcPlIWyuvYYYYYYYYYYYRYYYYYYYYYh
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename d7b4aa5b8901ef5b8bed4a16e8bc4fb50dbd8302a16c647dd5ebb2874759a941
Download

Comments



No comments posted

Processing ( 6.222 seconds )

  • 2.485 CAPE
  • 2.348 ProcDump
  • 0.948 BehaviorAnalysis
  • 0.209 Static
  • 0.117 Deduplicate
  • 0.103 Dropped
  • 0.006 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.869 seconds )

  • 0.446 antidbg_windows
  • 0.07 antiav_detectreg
  • 0.05 stealth_timeout
  • 0.031 api_spamming
  • 0.026 infostealer_ftp
  • 0.023 antivm_vbox_window
  • 0.018 antisandbox_script_timer
  • 0.015 infostealer_im
  • 0.014 antianalysis_detectreg
  • 0.012 antivm_generic_scsi
  • 0.009 infostealer_mail
  • 0.008 mimics_filetime
  • 0.007 Doppelganging
  • 0.007 antivm_generic_disk
  • 0.007 antivm_vbox_keys
  • 0.006 recon_programs
  • 0.006 antivm_generic_services
  • 0.006 antiav_detectfile
  • 0.005 bootkit
  • 0.005 virus
  • 0.005 antivm_vmware_keys
  • 0.004 persistence_autorun
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_files
  • 0.003 injection_createremotethread
  • 0.003 betabot_behavior
  • 0.003 InjectionCreateRemoteThread
  • 0.003 kibex_behavior
  • 0.003 dynamic_function_loading
  • 0.003 hancitor_behavior
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 geodo_banking_trojan
  • 0.003 darkcomet_regkeys
  • 0.003 ransomware_extensions
  • 0.003 recon_fingerprint
  • 0.002 malicious_dynamic_function_loading
  • 0.002 InjectionInterProcess
  • 0.002 stack_pivot
  • 0.002 antiemu_wine_func
  • 0.002 InjectionProcessHollowing
  • 0.002 infostealer_browser_password
  • 0.002 injection_runpe
  • 0.002 kovter_behavior
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_vbox_files
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 tinba_behavior
  • 0.001 hawkeye_behavior
  • 0.001 antidebug_guardpages
  • 0.001 rat_nanocore
  • 0.001 exploit_heapspray
  • 0.001 exploit_getbasekerneladdress
  • 0.001 modifies_desktop_wallpaper
  • 0.001 exploit_gethaldispatchtable
  • 0.001 antivm_vbox_libs
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 bypass_firewall
  • 0.001 ie_martian_children
  • 0.001 packer_armadillo_regkey

Reporting ( 0.009 seconds )

  • 0.009 CompressResults
Task ID 87664
Mongo ID 5d528916a391c3d188a438e0
Cuckoo release 1.3-CAPE
Delete