Analysis

Category Package Started Completed Duration Options Log
URL ie 2019-09-10 09:31:15 2019-09-10 09:35:02 227 seconds Show Options Show Log
route = internet
procdump = 1
2019-09-10 10:31:16,000 [root] INFO: Date set to: 09-10-19, time set to: 09:31:16, timeout set to: 200
2019-09-10 10:31:16,015 [root] DEBUG: Starting analyzer from: C:\ghxsznfd
2019-09-10 10:31:16,015 [root] DEBUG: Storing results at: C:\JbdoXn
2019-09-10 10:31:16,015 [root] DEBUG: Pipe server name: \\.\PIPE\TIwDmoo
2019-09-10 10:31:16,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-09-10 10:31:16,015 [root] INFO: Automatically selected analysis package "ie"
2019-09-10 10:31:16,624 [root] DEBUG: Started auxiliary module Browser
2019-09-10 10:31:16,638 [root] DEBUG: Started auxiliary module Curtain
2019-09-10 10:31:16,638 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-09-10 10:31:16,638 [root] DEBUG: Started auxiliary module DigiSig
2019-09-10 10:31:16,654 [root] DEBUG: Started auxiliary module Disguise
2019-09-10 10:31:16,654 [root] DEBUG: Started auxiliary module Human
2019-09-10 10:31:16,670 [root] DEBUG: Started auxiliary module Screenshots
2019-09-10 10:31:16,670 [root] DEBUG: Started auxiliary module Sysmon
2019-09-10 10:31:16,670 [root] DEBUG: Started auxiliary module Usage
2019-09-10 10:31:16,670 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-09-10 10:31:16,670 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-09-10 10:31:16,888 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""https://onedrive.live.com/?authkey=%21AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE%21111&parId=root&o=OneUp"" with pid 1856
2019-09-10 10:31:16,888 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-10 10:31:16,888 [lib.api.process] INFO: 32-bit DLL to inject is C:\ghxsznfd\dll\jOhoLQ.dll, loader C:\ghxsznfd\bin\IhobWEV.exe
2019-09-10 10:31:17,029 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\TIwDmoo.
2019-09-10 10:31:17,029 [root] DEBUG: Loader: Injecting process 1856 (thread 1796) with C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:17,029 [root] DEBUG: Process image base: 0x01120000
2019-09-10 10:31:17,029 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:17,029 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x011C6000 - 0x77110000
2019-09-10 10:31:17,029 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x011D0000.
2019-09-10 10:31:17,029 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-10 10:31:17,045 [root] DEBUG: Successfully injected DLL C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:17,045 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1856
2019-09-10 10:31:19,056 [lib.api.process] INFO: Successfully resumed process with pid 1856
2019-09-10 10:31:19,056 [root] INFO: Added new process to list with pid: 1856
2019-09-10 10:31:19,119 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-10 10:31:19,119 [root] DEBUG: Process dumps enabled.
2019-09-10 10:31:19,197 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,197 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,197 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-10 10:31:19,197 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,197 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,197 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1856 at 0x747e0000, image base 0x1120000, stack from 0x362000-0x370000
2019-09-10 10:31:19,197 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https:\onedrive.live.com\?authkey=-- UNKNOWN FORMAT STRING -- 1AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE-- UNKNOWN FORMAT STRING -- 1111&parId=root&o=OneUp".
2019-09-10 10:31:19,197 [root] INFO: Monitor successfully loaded in process with pid 1856.
2019-09-10 10:31:19,213 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-09-10 10:31:19,259 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-09-10 10:31:19,306 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-09-10 10:31:19,322 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-09-10 10:31:19,354 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-09-10 10:31:19,368 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-09-10 10:31:19,368 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-09-10 10:31:19,384 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-09-10 10:31:19,384 [root] DEBUG: DLL loaded at 0x74960000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-09-10 10:31:19,384 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-09-10 10:31:19,384 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-10 10:31:19,415 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-09-10 10:31:19,415 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-09-10 10:31:19,431 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-09-10 10:31:19,431 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-10 10:31:19,431 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-09-10 10:31:19,447 [root] DEBUG: DLL unloaded from 0x74340000.
2019-09-10 10:31:19,447 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-09-10 10:31:19,509 [root] DEBUG: DLL loaded at 0x74360000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-09-10 10:31:19,525 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-09-10 10:31:19,525 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-09-10 10:31:19,525 [root] DEBUG: DLL unloaded from 0x74360000.
2019-09-10 10:31:19,525 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-09-10 10:31:19,525 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-09-10 10:31:19,540 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-10 10:31:19,555 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-09-10 10:31:19,650 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-09-10 10:31:19,665 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-09-10 10:31:19,665 [root] DEBUG: DLL unloaded from 0x01120000.
2019-09-10 10:31:19,680 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1596
2019-09-10 10:31:19,680 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-10 10:31:19,680 [lib.api.process] INFO: 32-bit DLL to inject is C:\ghxsznfd\dll\jOhoLQ.dll, loader C:\ghxsznfd\bin\IhobWEV.exe
2019-09-10 10:31:19,680 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\TIwDmoo.
2019-09-10 10:31:19,680 [root] DEBUG: Loader: Injecting process 1596 (thread 2208) with C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:19,680 [root] DEBUG: Process image base: 0x01120000
2019-09-10 10:31:19,680 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:19,680 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x011C6000 - 0x77110000
2019-09-10 10:31:19,680 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x011D0000.
2019-09-10 10:31:19,680 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-10 10:31:19,680 [root] DEBUG: Successfully injected DLL C:\ghxsznfd\dll\jOhoLQ.dll.
2019-09-10 10:31:19,680 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1596
2019-09-10 10:31:19,680 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-09-10 10:31:19,680 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-09-10 10:31:19,680 [root] DEBUG: DLL unloaded from 0x74340000.
2019-09-10 10:31:19,697 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-10 10:31:19,697 [root] DEBUG: Process dumps enabled.
2019-09-10 10:31:19,697 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,697 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-09-10 10:31:19,697 [root] DEBUG: DLL unloaded from 0x747D0000.
2019-09-10 10:31:19,697 [root] DEBUG: DLL unloaded from 0x74320000.
2019-09-10 10:31:19,697 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-10 10:31:19,697 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1596 at 0x747e0000, image base 0x1120000, stack from 0x152000-0x160000
2019-09-10 10:31:19,697 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1856 CREDAT:79873.
2019-09-10 10:31:19,697 [root] INFO: Added new process to list with pid: 1596
2019-09-10 10:31:19,697 [root] INFO: Monitor successfully loaded in process with pid 1596.
2019-09-10 10:31:19,697 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-09-10 10:31:19,697 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-09-10 10:31:19,697 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:31:19,697 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-09-10 10:31:19,697 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-09-10 10:31:19,697 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-09-10 10:31:19,711 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-09-10 10:31:19,711 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-09-10 10:31:19,727 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-09-10 10:31:19,743 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-09-10 10:31:19,743 [root] DEBUG: DLL loaded at 0x742D0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-09-10 10:31:19,759 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL loaded at 0x74270000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-09-10 10:31:19,775 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-09-10 10:31:19,775 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-09-10 10:31:19,775 [root] DEBUG: DLL unloaded from 0x74270000.
2019-09-10 10:31:19,789 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-09-10 10:31:19,789 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-09-10 10:31:19,789 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-10 10:31:19,789 [lib.api.process] INFO: 64-bit DLL to inject is C:\ghxsznfd\dll\TUzHOF.dll, loader C:\ghxsznfd\bin\EPNMHXlC.exe
2019-09-10 10:31:19,805 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\TIwDmoo.
2019-09-10 10:31:19,805 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-09-10 10:31:19,805 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\ghxsznfd\dll\TUzHOF.dll.
2019-09-10 10:31:19,805 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-10 10:31:19,822 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-09-10 10:31:19,822 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-10 10:31:19,822 [root] DEBUG: DLL loaded at 0x741F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-09-10 10:31:19,822 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-10 10:31:19,822 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-09-10 10:31:19,822 [root] DEBUG: DLL unloaded from 0x74960000.
2019-09-10 10:31:19,822 [root] DEBUG: DLL unloaded from 0x741F0000.
2019-09-10 10:31:19,836 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-10 10:31:19,836 [root] DEBUG: Process dumps enabled.
2019-09-10 10:31:19,836 [root] INFO: Disabling sleep skipping.
2019-09-10 10:31:19,836 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-09-10 10:31:19,852 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-10 10:31:19,852 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-09-10 10:31:19,868 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-09-10 10:31:19,868 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-09-10 10:31:19,884 [root] WARNING: Unable to place hook on LockResource
2019-09-10 10:31:19,884 [root] WARNING: Unable to hook LockResource
2019-09-10 10:31:19,900 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-09-10 10:31:19,946 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074100000, image base 0x00000000FF900000, stack from 0x00000000065E2000-0x00000000065F0000
2019-09-10 10:31:19,961 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-09-10 10:31:19,961 [root] INFO: Added new process to list with pid: 1632
2019-09-10 10:31:19,961 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-09-10 10:31:19,961 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-09-10 10:31:19,961 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-09-10 10:31:19,961 [root] DEBUG: Successfully injected DLL C:\ghxsznfd\dll\TUzHOF.dll.
2019-09-10 10:31:19,993 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-09-10 10:31:19,993 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-09-10 10:31:20,023 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-09-10 10:31:20,039 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-09-10 10:31:20,055 [root] DEBUG: DLL unloaded from 0x74000000.
2019-09-10 10:31:20,055 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-09-10 10:31:20,086 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-09-10 10:31:20,257 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-10 10:31:20,257 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-10 10:31:20,257 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-10 10:31:20,273 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-09-10 10:31:20,289 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-09-10 10:31:20,398 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-09-10 10:31:20,430 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-09-10 10:31:20,446 [root] DEBUG: DLL loaded at 0x73C70000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-09-10 10:31:20,523 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCB00000 to caller regions list (msvcrt::memcpy).
2019-09-10 10:31:20,539 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF71F0000 to caller regions list (ntdll::NtCreateEvent).
2019-09-10 10:31:20,632 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-09-10 10:31:20,632 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-09-10 10:31:20,632 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-09-10 10:31:20,632 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-09-10 10:31:20,648 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-10 10:31:20,648 [root] DEBUG: DLL loaded at 0x74960000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-09-10 10:31:20,648 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-09-10 10:31:20,648 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-09-10 10:31:20,648 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-09-10 10:31:20,742 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-09-10 10:31:20,742 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-09-10 10:31:20,757 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-09-10 10:31:20,757 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-09-10 10:31:20,773 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-09-10 10:31:20,789 [root] DEBUG: DLL loaded at 0x73B80000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-09-10 10:31:20,789 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-09-10 10:31:20,789 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-09-10 10:31:20,819 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-09-10 10:31:21,115 [root] DEBUG: DLL loaded at 0x72DA0000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-09-10 10:31:21,115 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-09-10 10:31:21,131 [root] DEBUG: DLL loaded at 0x72ED0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-09-10 10:31:21,131 [root] DEBUG: DLL loaded at 0x74D80000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-09-10 10:31:21,148 [root] DEBUG: DLL loaded at 0x72EB0000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-09-10 10:31:21,163 [root] DEBUG: DLL loaded at 0x72EA0000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-09-10 10:31:21,194 [root] DEBUG: DLL loaded at 0x72CE0000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-09-10 10:31:21,210 [root] DEBUG: set_caller_info: Adding region at 0x04340000 to caller regions list (ntdll::LdrLoadDll).
2019-09-10 10:31:21,226 [root] DEBUG: set_caller_info: Adding region at 0x009C0000 to caller regions list (advapi32::RegOpenKeyExA).
2019-09-10 10:31:21,226 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-09-10 10:31:21,256 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL unloaded from 0x74340000.
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL unloaded from 0x74320000.
2019-09-10 10:31:21,319 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-09-10 10:31:21,319 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-09-10 10:31:21,335 [root] DEBUG: DLL loaded at 0x741F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-09-10 10:31:21,335 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-09-10 10:31:21,335 [root] DEBUG: DLL unloaded from 0x74960000.
2019-09-10 10:31:21,335 [root] DEBUG: DLL unloaded from 0x741F0000.
2019-09-10 10:31:21,397 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-09-10 10:31:21,397 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-09-10 10:31:21,413 [root] DEBUG: DLL loaded at 0x72CC0000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-09-10 10:31:21,413 [root] DEBUG: DLL loaded at 0x75470000: C:\Windows\syswow64\wintrust (0x2d000 bytes).
2019-09-10 10:31:21,444 [root] DEBUG: DLL loaded at 0x72C80000: C:\Windows\system32\schannel (0x3a000 bytes).
2019-09-10 10:31:21,474 [root] DEBUG: DLL loaded at 0x72C60000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-09-10 10:31:21,490 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-09-10 10:31:21,522 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-09-10 10:31:21,569 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-09-10 10:31:22,115 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:31:22,270 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-09-10 10:31:23,628 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:31:23,658 [root] DEBUG: DLL loaded at 0x72C50000: C:\Windows\system32\credssp (0x8000 bytes).
2019-09-10 10:31:23,658 [root] DEBUG: DLL unloaded from 0x74C70000.
2019-09-10 10:31:23,783 [root] DEBUG: DLL loaded at 0x72C10000: C:\Windows\system32\ncrypt (0x38000 bytes).
2019-09-10 10:31:23,783 [root] DEBUG: DLL loaded at 0x72BF0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2019-09-10 10:31:23,783 [root] DEBUG: DLL loaded at 0x72BB0000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2019-09-10 10:31:23,815 [root] DEBUG: DLL loaded at 0x72B90000: C:\Windows\system32\GPAPI (0x16000 bytes).
2019-09-10 10:31:23,831 [root] DEBUG: DLL loaded at 0x72B70000: C:\Windows\system32\cryptnet (0x1c000 bytes).
2019-09-10 10:31:23,845 [root] DEBUG: DLL loaded at 0x72B10000: C:\Windows\system32\WINHTTP (0x58000 bytes).
2019-09-10 10:31:23,845 [root] DEBUG: DLL loaded at 0x72AC0000: C:\Windows\system32\webio (0x4f000 bytes).
2019-09-10 10:31:23,845 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-09-10 10:31:23,845 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-10 10:31:23,845 [root] DEBUG: DLL unloaded from 0x72B10000.
2019-09-10 10:31:23,861 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-10 10:31:23,861 [root] DEBUG: DLL unloaded from 0x72B10000.
2019-09-10 10:31:23,956 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-09-10 10:31:24,017 [root] DEBUG: DLL loaded at 0x72AA0000: C:\Windows\system32\Cabinet (0x15000 bytes).
2019-09-10 10:31:24,033 [root] DEBUG: DLL loaded at 0x72A90000: C:\Windows\system32\DEVRTL (0xe000 bytes).
2019-09-10 10:31:24,033 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-09-10 10:31:24,907 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-09-10 10:31:25,094 [root] DEBUG: DLL loaded at 0x724D0000: C:\Windows\SysWOW64\mshtml (0x5b7000 bytes).
2019-09-10 10:31:25,157 [root] DEBUG: DLL loaded at 0x724A0000: C:\Windows\SysWOW64\msls31 (0x2a000 bytes).
2019-09-10 10:31:25,266 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\onedrive_live_com[1].txt" does not exist, skip.
2019-09-10 10:31:25,296 [root] DEBUG: DLL loaded at 0x72490000: C:\Windows\system32\msimtf (0xb000 bytes).
2019-09-10 10:31:25,375 [root] DEBUG: DLL loaded at 0x723D0000: C:\Windows\SysWOW64\jscript (0xb2000 bytes).
2019-09-10 10:31:25,405 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-09-10 10:31:25,421 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-10 10:31:25,421 [root] DEBUG: DLL unloaded from 0x72B10000.
2019-09-10 10:31:25,437 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-10 10:31:25,437 [root] DEBUG: DLL unloaded from 0x72B10000.
2019-09-10 10:31:25,469 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-09-10 10:31:25,640 [root] DEBUG: DLL loaded at 0x723A0000: C:\Windows\SysWOW64\iepeers (0x30000 bytes).
2019-09-10 10:31:25,671 [root] DEBUG: DLL loaded at 0x72340000: C:\Windows\SysWOW64\WINSPOOL.DRV (0x51000 bytes).
2019-09-10 10:31:25,937 [root] DEBUG: DLL loaded at 0x72330000: C:\Windows\system32\ImgUtil (0xb000 bytes).
2019-09-10 10:31:25,937 [root] DEBUG: set_caller_info: Adding region at 0x72330000 to caller regions list (ole32::CoCreateInstance).
2019-09-10 10:31:25,967 [root] DEBUG: DLL loaded at 0x72320000: C:\Windows\SysWOW64\pngfilt (0xe000 bytes).
2019-09-10 10:31:25,983 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\msimg32 (0x5000 bytes).
2019-09-10 10:31:25,983 [root] DEBUG: set_caller_info: Adding region at 0x73FC0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-09-10 10:31:26,046 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-09-10 10:31:26,217 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-09-10 10:31:26,920 [root] DEBUG: DLL loaded at 0x721E0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-09-10 10:31:26,934 [root] DEBUG: set_caller_info: Adding region at 0x721E0000 to caller regions list (ntdll::LdrLoadDll).
2019-09-10 10:31:30,305 [root] DEBUG: DLL loaded at 0x721E0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-09-10 10:31:31,131 [root] INFO: Announced 32-bit process name:  pid: 1
2019-09-10 10:31:31,131 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-09-10 10:31:31,131 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-09-10 10:31:31,224 [root] DEBUG: DLL unloaded from 0x000007FEFB9C0000.
2019-09-10 10:31:50,039 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-09-10 10:31:51,568 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-09-10 10:31:53,970 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-09-10 10:31:53,970 [root] DEBUG: DLL unloaded from 0x75790000.
2019-09-10 10:32:04,483 [root] DEBUG: DLL unloaded from 0x743A0000.
2019-09-10 10:32:17,292 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:32:22,315 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:32:23,969 [root] DEBUG: DLL unloaded from 0x72B10000.
2019-09-10 10:32:27,306 [root] DEBUG: DLL unloaded from 0x75600000.
2019-09-10 10:33:36,493 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-09-10 10:33:36,509 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-09-10 10:33:49,487 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-09-10 10:34:40,875 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-09-10 10:34:40,875 [root] INFO: Created shutdown mutex.
2019-09-10 10:34:41,888 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1856
2019-09-10 10:34:41,888 [root] INFO: Terminate event set for process 1856.
2019-09-10 10:34:41,888 [root] INFO: Terminating process 1856 before shutdown.
2019-09-10 10:34:41,888 [root] INFO: Waiting for process 1856 to exit.
2019-09-10 10:34:41,888 [root] DEBUG: Terminate Event: Attempting to dump process 1856
2019-09-10 10:34:41,888 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01120000.
2019-09-10 10:34:41,997 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01120000.
2019-09-10 10:34:41,997 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-09-10 10:34:42,045 [root] INFO: Added new CAPE file to list with path: C:\JbdoXn\CAPE\1856_17264604854234910292019
2019-09-10 10:34:42,045 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa2a00.
2019-09-10 10:34:42,045 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DFA5F32D3217551C3D.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DFA5F32D3217551C3D.TMP'
2019-09-10 10:34:42,045 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DF0A7E8FB8B267A0F5.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DF0A7E8FB8B267A0F5.TMP'
2019-09-10 10:34:42,903 [root] INFO: Terminating process 1596 before shutdown.
2019-09-10 10:34:42,903 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1632
2019-09-10 10:34:42,903 [root] DEBUG: Terminate Event: Attempting to dump process 1632
2019-09-10 10:34:42,903 [root] INFO: Terminate event set for process 1632.
2019-09-10 10:34:42,903 [root] INFO: Terminating process 1632 before shutdown.
2019-09-10 10:34:42,903 [root] INFO: Waiting for process 1632 to exit.
2019-09-10 10:34:42,903 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF900000.
2019-09-10 10:34:42,903 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF900000.
2019-09-10 10:34:42,903 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-09-10 10:34:42,980 [root] INFO: Added new CAPE file to list with path: C:\JbdoXn\CAPE\1632_8959524684234910292019
2019-09-10 10:34:42,980 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2bd200.
2019-09-10 10:34:43,911 [root] INFO: Shutting down package.
2019-09-10 10:34:43,911 [root] INFO: Stopping auxiliary modules.
2019-09-10 10:34:43,911 [root] INFO: Finishing auxiliary modules.
2019-09-10 10:34:43,911 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-09-10 10:34:43,911 [root] WARNING: File at path "C:\JbdoXn\debugger" does not exist, skip.
2019-09-10 10:34:43,911 [root] WARNING: Monitor injection attempted but failed for process 1.
2019-09-10 10:34:43,911 [root] INFO: Analysis completed.

MalScore

7.0

Malicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-09-10 09:31:15 2019-09-10 09:34:59

URL Details

URL
https://onedrive.live.com/?authkey=%21AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE%21111&parId=root&o=OneUp

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Attempts to connect to a dead IP:Port (5 unique times)
IP: 93.184.220.29:80 (Europe)
IP: 2.19.149.227:443 (Europe)
IP: 204.79.197.200:80 (United States)
IP: 13.107.42.13:443 (United States)
IP: 104.86.110.235:443 (Netherlands)
Dynamic (imported) function loading detected
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: IEUI.dll/InitGadgets
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: propsys.dll/PSGetPropertyKeyFromName
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_GetIconSize
DynamicLoader: UxTheme.dll/IsCompositionActive
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: MSCTF.dll/SetInputScopes2
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: urlmon.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: IEUI.dll/CreateGadget
DynamicLoader: IEUI.dll/SetGadgetMessageFilter
DynamicLoader: IEUI.dll/SetGadgetStyle
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IEUI.dll/SetGadgetRootInfo
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: xmllite.dll/CreateXmlReader
DynamicLoader: comctl32.dll/
DynamicLoader: xmllite.dll/CreateXmlReaderInputWithEncodingName
DynamicLoader: IEUI.dll/FindStdColor
DynamicLoader: IEUI.dll/InvalidateGadget
DynamicLoader: IEUI.dll/SetGadgetParent
DynamicLoader: IEUI.dll/GetGadgetTicket
DynamicLoader: IEUI.dll/SetGadgetRect
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: IEUI.dll/PeekMessageExW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: msfeeds.dll/MsfeedsCreateInstance
DynamicLoader: SHELL32.dll/SHGetSpecialFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/SHCreateDirectoryExW
DynamicLoader: WININET.dll/FindFirstUrlCacheContainerW
DynamicLoader: WININET.dll/FindNextUrlCacheContainerW
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: MSIMG32.dll/GradientFill
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: IEUI.dll/WaitMessageEx
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToProxyStubCLSID
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToTLBPath
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: propsys.dll/PSStringFromPropertyKey
DynamicLoader: propsys.dll/PSGetPropertyDescription
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: propsys.dll/PropVariantToString
DynamicLoader: propsys.dll/InitPropVariantFromStringAsVector
DynamicLoader: propsys.dll/PSCoerceToCanonicalValue
DynamicLoader: USP10.dll/ScriptIsComplex
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath
DynamicLoader: urlmon.dll/URLDownloadToFileW
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: urlmon.dll/CoInternetQueryInfo
DynamicLoader: comctl32.dll/ImageList_GetImageCount
DynamicLoader: comctl32.dll/HIMAGELIST_QueryInterface
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: RPCRT4.dll/UuidCreateSequential
DynamicLoader: ole32.dll/StgOpenStorageEx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/CharLowerW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPT32.dll/CryptUnprotectData
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: CRYPTBASE.dll/SystemFunction041
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: IEUI.dll/FindGadgetFromPoint
DynamicLoader: IEUI.dll/DUserSendEvent
DynamicLoader: IEUI.dll/GetGadgetRect
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: SHELL32.dll/SetCurrentProcessExplicitAppUserModelID
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: IEFRAME.dll/
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: comctl32.dll/PropertySheetW
DynamicLoader: comctl32.dll/PropertySheetA
DynamicLoader: comdlg32.dll/PageSetupDlgW
DynamicLoader: comdlg32.dll/PrintDlgW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: IEShims.dll/IEShims_Initialize
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: USER32.dll/FindWindowExA
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: ntdll.dll/LdrRegisterDllNotification
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: kernel32.dll/WerUnregisterMemoryBlock
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: RPCRT4.dll/RpcServerUseProtseqW
DynamicLoader: RPCRT4.dll/RpcServerRegisterIfEx
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: RPCRT4.dll/RpcServerInqBindings
DynamicLoader: RPCRT4.dll/RpcEpRegisterW
DynamicLoader: RPCRT4.dll/RpcServerListen
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: USER32.dll/RegisterClassExW
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: sqmapi.dll/SqmGetSession
DynamicLoader: sqmapi.dll/SqmEndSession
DynamicLoader: sqmapi.dll/SqmStartSession
DynamicLoader: sqmapi.dll/SqmStartUpload
DynamicLoader: sqmapi.dll/SqmWaitForUploadComplete
DynamicLoader: sqmapi.dll/SqmSet
DynamicLoader: sqmapi.dll/SqmSetBool
DynamicLoader: sqmapi.dll/SqmSetBits
DynamicLoader: sqmapi.dll/SqmSetString
DynamicLoader: sqmapi.dll/SqmIncrement
DynamicLoader: sqmapi.dll/SqmSetIfMax
DynamicLoader: sqmapi.dll/SqmSetIfMin
DynamicLoader: sqmapi.dll/SqmAddToAverage
DynamicLoader: sqmapi.dll/SqmAddToStreamDWord
DynamicLoader: sqmapi.dll/SqmAddToStreamString
DynamicLoader: sqmapi.dll/SqmSetAppId
DynamicLoader: sqmapi.dll/SqmSetAppVersion
DynamicLoader: sqmapi.dll/SqmSetMachineId
DynamicLoader: sqmapi.dll/SqmSetUserId
DynamicLoader: sqmapi.dll/SqmCreateNewId
DynamicLoader: sqmapi.dll/SqmReadSharedMachineId
DynamicLoader: sqmapi.dll/SqmReadSharedUserId
DynamicLoader: sqmapi.dll/SqmWriteSharedMachineId
DynamicLoader: sqmapi.dll/SqmWriteSharedUserId
DynamicLoader: sqmapi.dll/SqmIsWindowsOptedIn
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: SHELL32.dll/SHChangeNotifyRegisterThread
DynamicLoader: comctl32.dll/
DynamicLoader: IEShims.dll/IEShims_SetRedirectRegistryForThread
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: comctl32.dll/ImageList_Destroy
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_Add
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW
DynamicLoader: MLANG.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExA
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: urlmon.dll/
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: AcroIEHelper.dll/StubInit
DynamicLoader: AcroIEHelper.dll/StubSetSite
DynamicLoader: AcroIEHelper.dll/StubOnQuit
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: RASAPI32.dll/RasEnumEntriesW
DynamicLoader: rtutils.dll/TraceRegisterExA
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: rtutils.dll/TracePrintfExA
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: SHLWAPI.dll/PathCanonicalizeW
DynamicLoader: SHLWAPI.dll/PathRemoveFileSpecW
DynamicLoader: SHLWAPI.dll/PathFindFileNameW
DynamicLoader: sechost.dll/OpenServiceA
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: sensapi.dll/IsNetworkAlive
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: NLAapi.dll/NSPStartup
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: urlmon.dll/CreateURLMonikerEx
DynamicLoader: urlmon.dll/CreateAsyncBindCtxEx
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/CreateFormatEnumerator
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: MLANG.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/CreateIUriBuilder
DynamicLoader: urlmon.dll/IntlPercentEncodeNormalize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/ChangeWindowMessageFilter
DynamicLoader: DWMAPI.DLL/DwmSetWindowAttribute
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: UxTheme.dll/BufferedPaintInit
DynamicLoader: UxTheme.dll/BufferedPaintRenderAnimation
DynamicLoader: UxTheme.dll/BeginBufferedAnimation
DynamicLoader: UxTheme.dll/DrawThemeParentBackground
DynamicLoader: UxTheme.dll/EndBufferedAnimation
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: CRYPTSP.dll/SystemFunction035
DynamicLoader: schannel.DLL/SpUserModeInitialize
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: CRYPT32.dll/CertDuplicateStore
DynamicLoader: CRYPT32.dll/CertControlStore
DynamicLoader: CRYPT32.dll/CertCloseStore
DynamicLoader: Secur32.dll/FreeContextBuffer
DynamicLoader: ncrypt.dll/SslOpenProvider
DynamicLoader: ncrypt.dll/GetSChannelInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/SslIncrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslImportKey
DynamicLoader: bcryptprimitives.dll/GetCipherInterface
DynamicLoader: ncrypt.dll/SslLookupCipherSuiteInfo
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateContext
DynamicLoader: wintrust.dll/HTTPSCertificateTrust
DynamicLoader: wintrust.dll/HTTPSFinalProv
DynamicLoader: wintrust.dll/SoftpubInitialize
DynamicLoader: wintrust.dll/SoftpubLoadMessage
DynamicLoader: wintrust.dll/SoftpubLoadSignature
DynamicLoader: wintrust.dll/SoftpubCheckCert
DynamicLoader: wintrust.dll/SoftpubCleanup
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: WINHTTP.dll/WinHttpOpen
DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
DynamicLoader: WINHTTP.dll/WinHttpSetOption
DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
DynamicLoader: SHLWAPI.dll/StrCmpNW
DynamicLoader: WINHTTP.dll/WinHttpConnect
DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: iphlpapi.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: iphlpapi.DLL/GetIfEntry2
DynamicLoader: iphlpapi.DLL/GetIpForwardTable2
DynamicLoader: iphlpapi.DLL/GetIpNetEntry2
DynamicLoader: iphlpapi.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: WINHTTP.dll/WinHttpGetProxyForUrl
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpSendRequest
DynamicLoader: ws2_32.DLL/GetAddrInfoW
DynamicLoader: ws2_32.DLL/WSASocketW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSAIoctl
DynamicLoader: ws2_32.DLL/FreeAddrInfoW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSARecv
DynamicLoader: ws2_32.DLL/WSASend
DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
DynamicLoader: SHLWAPI.dll/StrStrIW
DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
DynamicLoader: WINHTTP.dll/WinHttpReadData
DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateChain
DynamicLoader: CRYPT32.dll/CertGetCertificateContextProperty
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPT32.dll/CertFreeCertificateChain
DynamicLoader: CRYPT32.dll/CertFreeCertificateContext
DynamicLoader: ncrypt.dll/SslEncryptPacket
DynamicLoader: ncrypt.dll/SslDecryptPacket
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: urlmon.dll/CoInternetQueryInfo
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IEFRAME.dll/
DynamicLoader: urlmon.dll/RegisterFormatEnumerator
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/VariantClear
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabled
DynamicLoader: urlmon.dll/
DynamicLoader: WININET.dll/InternetGetSecurityInfoByURLW
DynamicLoader: CRYPT32.dll/CertGetCertificateContextProperty
DynamicLoader: CRYPT32.dll/CryptDecodeObject
DynamicLoader: CRYPT32.dll/CryptDecodeObject
DynamicLoader: CRYPT32.dll/CertGetNameStringW
DynamicLoader: CRYPT32.dll/CertFreeCertificateChain
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ole32.dll/CoGetObjectContext
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/BSTR_UserSize
DynamicLoader: OLEAUT32.dll/BSTR_UserMarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserUnmarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserFree
DynamicLoader: OLEAUT32.dll/VARIANT_UserSize
DynamicLoader: OLEAUT32.dll/VARIANT_UserMarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserUnmarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserFree
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserSize
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserMarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserUnmarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserFree
DynamicLoader: urlmon.dll/
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpTimeFromSystemTime
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: WININET.dll/CreateUrlCacheContainerW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: OLEAUT32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: bcryptprimitives.dll/GetCipherInterface
DynamicLoader: ImgUtil.dll/DecodeImage
DynamicLoader: WININET.dll/InternetUnlockRequestFile
DynamicLoader: msimg32.dll/AlphaBlend
DynamicLoader: WININET.dll/InternetGetConnectedState
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/URLDownloadToCacheFileW
DynamicLoader: DWMAPI.DLL/DwmInvalidateIconicBitmaps
DynamicLoader: WININET.dll/SetUrlCacheEntryGroupW
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/VariantCopy
DynamicLoader: WININET.dll/InternetGetCookieExW
DynamicLoader: WININET.dll/InternetSetCookieExW
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: urlmon.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/IEDllLoader
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetGetSession
DynamicLoader: urlmon.dll/CopyBindInfo
DynamicLoader: urlmon.dll/CreateURLMoniker
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/ReleaseBindInfo
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: urlmon.dll/CoInternetCombineUrl
DynamicLoader: urlmon.dll/CoInternetGetSecurityUrl
DynamicLoader: urlmon.dll/IsValidURL
DynamicLoader: WININET.dll/InternetCrackUrlW
DynamicLoader: WININET.dll/InternetCreateUrlW
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/DllGetVersion
DynamicLoader: ncrypt.dll/SslDecrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslFreeObject
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
Performs HTTP requests potentially not found in PCAP.
url: spoprod-a.akamaihd.net:443//files/onedrive-website-release-prod_master_20190726.002//maincss-306e9206.css
url: spoprod-a.akamaihd.net:443//files/onedrive-website-release-prod_master_20190726.002/jquery-1.7.2-39eeb07e.js
url: spoprod-a.akamaihd.net:443//files/onedrive-website-release-prod_master_20190726.002/legacy_s_legacy-e428f2e2.js
url: spoprod-a.akamaihd.net:443//files/onedrive-website-release-prod_master_20190726.002/legacy1-1a09fb82.js
url: spoprod-a.akamaihd.net:443//files/onedrive-website-release-prod_master_20190726.002/legacy0-e2cc9701.js
url: onedrive.live.com:443//?authkey=%21AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE%21111&parId=root&o=OneUp
url: onedrive.live.com:443//log
url: onedrive.live.com:443//handlers/clientstring.mvc?mkt=en-GB&group=wlive&v=19.301.0801.3003&useRequiresJs=False
url: p.sfx.ms:80//is/invis.gif
url: p.sfx.ms:80///SoftBlock/v1/main.png
url: p.sfx.ms:80//h/command5.png
url: p.sfx.ms:80//images/OneDriveLogoLight4.png
url: p.sfx.ms:80//h/logos5o.png
Stack pivoting was detected when using a critical API
process: iexplore.exe:1596

Screenshots


Hosts

Direct IP Country Name
N 93.184.220.29 [VT] Europe
Y 8.8.8.8 [VT] United States
N 204.79.197.200 [VT] United States
N 2.19.149.227 [VT] Europe
N 13.107.42.13 [VT] United States
N 104.86.110.73 [VT] Netherlands
N 104.86.110.235 [VT] Netherlands

DNS

Name Response Post-Analysis Lookup
www.bing.com [VT] CNAME dual-a-0001.a-msedge.net [VT]
CNAME a-0001.a-afdentry.net.trafficmanager.net [VT]
A 204.79.197.200 [VT]
A 13.107.21.200 [VT]
onedrive.live.com [VT] CNAME odc-web-geo.onedrive.akadns.net [VT]
CNAME l-0004.l-msedge.net [VT]
A 13.107.42.13 [VT]
CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net [VT]
CNAME odc-web-brs.onedrive.akadns.net [VT]
ocsp.digicert.com [VT] A 93.184.220.29 [VT]
CNAME cs9.wac.phicdn.net [VT]
spoprod-a.akamaihd.net [VT] A 104.86.110.235 [VT]
CNAME spoprod-a.akamaihd.net.edgesuite.net [VT]
A 104.86.111.146 [VT]
CNAME a1531.g2.akamai.net [VT]
p.sfx.ms [VT] A 2.19.149.227 [VT]
CNAME e9244.g.akamaiedge.net [VT]
CNAME p.sfx.ms.edgekey.net [VT]
crl.microsoft.com [VT] A 104.86.110.73 [VT]
A 104.86.110.88 [VT]
CNAME crl.www.ms.akadns.net [VT]
CNAME a1363.dscg.akamai.net [VT]

Summary

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE2603A0-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF51DCCFB99B743E89.TMP
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\url.dll
C:\Users\user\Favorites\Links
C:\
C:\Users
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
\??\MountPointManager
C:\Users\desktop.ini
C:\Users\user
C:\Users\user\Favorites
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE2603A1-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56A8DE122C60C418.TMP
C:\Users\user\Favorites\Links\Web Slice Gallery.url
C:\Users\user\AppData\Local\Microsoft\Feeds
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Program Files (x86)\Internet Explorer\url.dll
C:\Users\user\Desktop\url.dll
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
C:\Users\user\AppData\Local\Temp\~DF0A7E8FB8B267A0F5.TMP
C:\Users\user\AppData\Local\Temp\~DF1E3C7FE48D866AE9.TMP
C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
C:\Users\user\AppData\Local\Temp\~DFA5F32D3217551C3D.TMP
C:\Users\user\AppData\Local\Temp\~DF6FD82FF7356A87B2.TMP
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)
C:\Program Files (x86)\Microsoft Office
C:\Program Files (x86)\Microsoft Office\Office14
C:\Program Files (x86)\Microsoft Office\Office14\*.*
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre7\bin\server\jvm.dll
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\System32\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\onedrive_live_com[1].txt
C:\Windows\WindowsShell.manifest
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\onedrive_live_com[1].htm
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\maincss-306e9206[1].css
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft
C:\Users\user\AppData\Local\Microsoft\Internet Explorer
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\invis[1].gif
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\c7[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\command5[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\logos5o[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\OneDriveLogoLight4[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\jquery-1.7.2-39eeb07e[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\main[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\legacy_s_legacy-e428f2e2[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\legacy1-1a09fb82[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\legacy0-e2cc9701[1].js
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[2].txt
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\clientstring[1].mvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\user\Desktop
C:\Users\Public\Desktop
C:\Users\Public
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Windows\sysnative\ieframe.dll
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Manifest
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\en-US\iexplore.exe.mui
C:\Windows\sysnative\Branding\Shellbrd\Shellbrd.dll
C:\Windows\Branding\ShellBrd\shellbrd.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE2603A0-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF51DCCFB99B743E89.TMP
C:\Windows\System32\url.dll
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE2603A1-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56A8DE122C60C418.TMP
C:\Users\user\Favorites\Links
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
C:\Users\user\AppData\Local\Temp\~DF0A7E8FB8B267A0F5.TMP
C:\Users\user\AppData\Local\Temp\~DF1E3C7FE48D866AE9.TMP
C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
C:\Users\user\AppData\Local\Temp\~DFA5F32D3217551C3D.TMP
C:\Users\user\AppData\Local\Temp\~DF6FD82FF7356A87B2.TMP
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Windows\System32\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Windows\WindowsShell.manifest
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\onedrive_live_com[1].htm
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\maincss-306e9206[1].css
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\jquery-1.7.2-39eeb07e[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\legacy_s_legacy-e428f2e2[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\legacy1-1a09fb82[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\legacy0-e2cc9701[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\clientstring[1].mvc
C:\Users\Public\desktop.ini
C:\Users\Public
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Windows\sysnative\ieframe.dll
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Manifest
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\en-US\iexplore.exe.mui
C:\Windows\Branding\ShellBrd\shellbrd.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE2603A0-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF51DCCFB99B743E89.TMP
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE2603A1-D3AD-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56A8DE122C60C418.TMP
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
C:\Users\user\AppData\Local\Temp\~DF0A7E8FB8B267A0F5.TMP
C:\Users\user\AppData\Local\Temp\~DF1E3C7FE48D866AE9.TMP
C:\Users\user\AppData\Local\Temp\~DFA5F32D3217551C3D.TMP
C:\Users\user\AppData\Local\Temp\~DF6FD82FF7356A87B2.TMP
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\onedrive_live_com[1].txt
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\maincss-306e9206[1].css
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\invis[1].gif
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\c7[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\command5[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\logos5o[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\OneDriveLogoLight4[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\jquery-1.7.2-39eeb07e[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\main[1].png
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\legacy_s_legacy-e428f2e2[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\legacy1-1a09fb82[1].js
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\legacy0-e2cc9701[1].js
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[2].txt
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\clientstring[1].mvc
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[2].txt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE2603A0-D3AD-11E9-8662-000C2940B9FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Groups
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Position
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\IE8RunOnceLastShown
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Migration
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseIE7AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchControlWidth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigrated
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedInstalled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SortIndex
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\TestHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\CascadeFolderBands
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\CascadeFolderBands
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\DefaultItemWidth
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterTimerInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsThreshold
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\clsid
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\clsid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
HKEY_CURRENT_USER\Software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Classes\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
\xec\x86\x98\xc2\xabEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Marlett
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_CURRENT_USER\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\Forward
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\Version
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\UDTAlignmentPolicy
HKEY_CURRENT_USER\Software\Classes\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Use FormSuggest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xee\x86\x98\xc2\xabEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/x-icon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/x-icon\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsLastUsed
HKEY_CLASSES_ROOT\.url
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)
HKEY_CLASSES_ROOT\.url\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url
HKEY_CLASSES_ROOT\InternetShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\DocObject
HKEY_CLASSES_ROOT\SystemFileAssociations\.url
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CLSID\(Default)
HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds
HKEY_CURRENT_USER\Software\Microsoft\Feeds
HKEY_CURRENT_USER\Software\Microsoft\Feeds\SyncStatus
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadUpdates
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SQM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_CURRENT_USER\Software\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18df081c-e8ad-4283-a596-fa578c2ebdc3}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\AcroIEHelperShim.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32
\xea\xa1\x88\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b4f3a835-0e21-4959-ba22-42b3008e02ff}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\URLREDIR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dbc80044-a445-435b-bc74-9c25c1c588a9}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\jp2ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0\UseNewJavaPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0\JavaHome
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xea\xa0\xa0\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xea\xa5\xa8\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xea\xa5\xa8\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xea\x9c\x80\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
HKEY_CURRENT_USER\Software\Microsoft\Security
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iexplore_RASAPI32
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\EnableFileTracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\FileTracingMask
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\EnableConsoleTracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\ConsoleTracingMask
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\MaxFileSize
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
HKEY_CLASSES_ROOT\AutoProxyTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_Enable_Compat_Logging
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\https\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
\xe2\x84\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
\xea\xb6\xa8\xc2\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-0c-29-dc-04-c0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\live.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C80120}
\xea\xac\x80\xc2\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=utf-8
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html; charset=utf-8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html; charset=utf-8
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
HKEY_CLASSES_ROOT\.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security\Floppy Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\about\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Page_Transitions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DxTrans
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\DxTrans
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Classes\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
\xed\x84\x98\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
\xed\x84\x98\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/css
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/css\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Default Behaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AutoRecover
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Recovery
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/gif
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/gif\Extension
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/png
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/png\Extension
\xef\xa4\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feeds
HKEY_CURRENT_USER\Software\Microsoft\Ftp
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
HKEY_LOCAL_MACHINE\Software\Microsoft\Ftp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT
\xe3\x84\x90\xc2\x9dEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/javascript
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Services
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Activities
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Activities
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Suggested Sites
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpUploadBufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\HttpUploadBufferSize
\xe2\x84\x90\xc2\x9dEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/javascript; charset=utf-8
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/javascript
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchProviders\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\NoStartPageAppUserModelIDs
HKEY_CLASSES_ROOT\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\UseExecutableForTaskbarGroupIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\TaskbarExceptionsIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\UsersFiles\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\UsersFiles\NameSpace\DelegateFolders
HKEY_CLASSES_ROOT\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}
HKEY_CURRENT_USER\Software\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward
HKEY_CURRENT_USER\Software\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64\(Default)
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\EnableShareDenyNone
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Groups
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Position
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\IE8RunOnceLastShown
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseIE7AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchControlWidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigrated
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedInstalled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SortIndex
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\TestHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\CascadeFolderBands
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\CascadeFolderBands
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\DefaultItemWidth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterTimerInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\clsid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
\xec\x86\x98\xc2\xabEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\UDTAlignmentPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Use FormSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xee\x86\x98\xc2\xabEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/x-icon\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsLastUsed
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Feeds\SyncStatus
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadUpdates
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\StatusBarWeb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\xea\xa1\x88\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0\UseNewJavaPlugin
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0\JavaHome
\xea\xa0\xa0\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
\xea\xa5\xa8\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
\xea\xa5\xa8\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
\xea\x9c\x80\xc2\x9cEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
\xea\x9c\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\EnableFileTracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\FileTracingMask
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\EnableConsoleTracing
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\ConsoleTracingMask
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\MaxFileSize
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iexplore_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\xc4\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
\xc4\x90\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
\xe2\x84\x90\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
\xea\xb6\xa8\xc2\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C80120}
\xea\xac\x80\xc2\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
\xea\xac\x80\xc2\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Page_Transitions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
\xed\x84\x98\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
\xed\x84\x98\xc2\x9eEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/css\Extension
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
\xed\x84\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AutoRecover
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/gif\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/png\Extension
\xef\xa4\x98\xc2\x9eEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
\xe3\x84\x90\xc2\x9dEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpUploadBufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\HttpUploadBufferSize
\xe2\x84\x90\xc2\x9dEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\UseExecutableForTaskbarGroupIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UsersFiles\NameSpace\DelegateFolders\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\EnableShareDenyNone
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE2603A0-D3AD-11E9-8662-000C2940B9FB}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\52C64B7E\LanguageList
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
comctl32.dll.LoadIconWithScaleDown
ieui.dll.InitGadgets
ieproxy.dll.DllGetClassObject
ieproxy.dll.DllCanUnloadNow
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
ole32.dll.CoInitializeEx
propsys.dll.PSGetPropertyKeyFromName
user32.dll.MsgWaitForMultipleObjectsEx
uxtheme.dll.OpenThemeData
comctl32.dll.#410
uxtheme.dll.IsAppThemed
comctl32.dll.ImageList_LoadImageW
comctl32.dll.ImageList_GetIconSize
uxtheme.dll.IsCompositionActive
uxtheme.dll.SetWindowTheme
comctl32.dll.ImageList_Create
comctl32.dll.ImageList_ReplaceIcon
oleaut32.dll.#10
comctl32.dll.ImageList_AddMasked
oleaut32.dll.#2
oleaut32.dll.#6
imm32.dll.ImmIsIME
urlmon.dll.CoInternetCreateSecurityManager
msctf.dll.SetInputScopes2
uxtheme.dll.EnableThemeDialogTexture
urlmon.dll.#408
ole32.dll.CreateBindCtx
comctl32.dll.#328
uxtheme.dll.IsThemeActive
comctl32.dll.#334
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
advapi32.dll.RegEnumKeyW
setupapi.dll.CM_Get_Device_Interface_List_ExW
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#386
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
ieui.dll.CreateGadget
ieui.dll.SetGadgetMessageFilter
ieui.dll.SetGadgetStyle
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteStr
ieui.dll.SetGadgetRootInfo
ole32.dll.PropVariantClear
oleaut32.dll.#9
propsys.dll.PSPropertyBag_WriteGUID
propsys.dll.PSPropertyBag_ReadGUID
ole32.dll.CoRevokeInitializeSpy
xmllite.dll.CreateXmlReader
comctl32.dll.#388
xmllite.dll.CreateXmlReaderInputWithEncodingName
ieui.dll.FindStdColor
ieui.dll.InvalidateGadget
ieui.dll.SetGadgetParent
ieui.dll.GetGadgetTicket
ieui.dll.SetGadgetRect
urlmon.dll.#103
urlmon.dll.#105
kernel32.dll.GetThreadUILanguage
ole32.dll.CoRegisterInitializeSpy
shell32.dll.SHGetInstanceExplorer
wininet.dll.InternetSetOptionW
user32.dll.PostMessageW
user32.dll.PeekMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
ieui.dll.PeekMessageExW
ole32.dll.CoInitialize
ole32.dll.RegisterDragDrop
rpcrt4.dll.RpcBindingToStringBindingW
rpcrt4.dll.RpcStringBindingParseW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.I_RpcBindingInqLocalClientPID
rpcrt4.dll.RpcServerInqCallAttributesW
rpcrt4.dll.RpcImpersonateClient
rpcrt4.dll.RpcRevertToSelf
rpcrt4.dll.NdrServerCall2
rpcrt4.dll.RpcBindingInqObject
msfeeds.dll.MsfeedsCreateInstance
shell32.dll.SHGetSpecialFolderPathW
shell32.dll.#66
shell32.dll.SHGetFolderPathW
shell32.dll.SHCreateDirectoryExW
wininet.dll.FindFirstUrlCacheContainerW
wininet.dll.FindNextUrlCacheContainerW
wininet.dll.FindCloseUrlCache
msimg32.dll.GradientFill
gdi32.dll.GetTextExtentExPointWPri
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
user32.dll.GetWindowLongW
user32.dll.IsWindow
user32.dll.SendMessageW
rpcrt4.dll.RpcBindingFree
ieui.dll.WaitMessageEx
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID
advapi32.dll.RegQueryValueW
sxs.dll.SxsOleAut32MapIIDToTLBPath
advapi32.dll.RegOpenKeyW
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
sxs.dll.SxsOleAut32RedirectTypeLibrary
propsys.dll.PSStringFromPropertyKey
propsys.dll.PSGetPropertyDescription
propsys.dll.PropVariantToString
propsys.dll.InitPropVariantFromStringAsVector
propsys.dll.PSCoerceToCanonicalValue
usp10.dll.ScriptIsComplex
urlmon.dll.#420
urlmon.dll.#441
shell32.dll.SHGetKnownFolderPath
urlmon.dll.URLDownloadToFileW
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetIsFeatureEnabledForUrl
msimg32.dll.AlphaBlend
urlmon.dll.CoInternetQueryInfo
comctl32.dll.ImageList_GetImageCount
comctl32.dll.HIMAGELIST_QueryInterface
urlmon.dll.CreateUri
wininet.dll.GetUrlCacheEntryInfoW
rpcrt4.dll.UuidCreateSequential
ole32.dll.StgOpenStorageEx
user32.dll.CharLowerW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
crypt32.dll.CryptUnprotectData
cryptbase.dll.SystemFunction041
ieui.dll.FindGadgetFromPoint
ieui.dll.DUserSendEvent
ieui.dll.GetGadgetRect
advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetProcessDEPPolicy
user32.dll.SetProcessDPIAware
shell32.dll.SetCurrentProcessExplicitAppUserModelID
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ieframe.dll.#251
kernel32.dll.WerSetFlags
comctl32.dll.PropertySheetW
comctl32.dll.PropertySheetA
comdlg32.dll.PageSetupDlgW
comdlg32.dll.PrintDlgW
ieshims.dll.IEShims_Initialize
kernel32.dll.VirtualProtect
user32.dll.SetWindowsHookExW
user32.dll.FindWindowExA
kernel32.dll.WaitForSingleObject
kernel32.dll.CreateProcessW
kernel32.dll.CreateProcessA
advapi32.dll.RegQueryValueA
ntdll.dll.LdrRegisterDllNotification
ole32.dll.CoGetApartmentType
comctl32.dll.#236
ole32.dll.CoGetMalloc
cryptbase.dll.SystemFunction036
kernel32.dll.WerRegisterMemoryBlock
kernel32.dll.WerUnregisterMemoryBlock
user32.dll.RegisterWindowMessageW
rpcrt4.dll.RpcServerUseProtseqW
rpcrt4.dll.RpcServerRegisterIfEx
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
rpcrt4.dll.RpcServerInqBindings
rpcrt4.dll.RpcEpRegisterW
rpcrt4.dll.RpcServerListen
user32.dll.RegisterClassExW
user32.dll.CreateWindowExW
user32.dll.DefWindowProcW
user32.dll.SetWindowLongW
urlmon.dll.#400
advapi32.dll.TraceMessage
advapi32.dll.TraceMessageVa
kernel32.dll.IsWow64Process
sqmapi.dll.SqmGetSession
sqmapi.dll.SqmEndSession
sqmapi.dll.SqmStartSession
sqmapi.dll.SqmStartUpload
sqmapi.dll.SqmWaitForUploadComplete
sqmapi.dll.SqmSet
sqmapi.dll.SqmSetBool
sqmapi.dll.SqmSetBits
sqmapi.dll.SqmSetString
sqmapi.dll.SqmIncrement
sqmapi.dll.SqmSetIfMax
sqmapi.dll.SqmSetIfMin
sqmapi.dll.SqmAddToAverage
sqmapi.dll.SqmAddToStreamDWord
sqmapi.dll.SqmAddToStreamString
sqmapi.dll.SqmSetAppId
sqmapi.dll.SqmSetAppVersion
sqmapi.dll.SqmSetMachineId
sqmapi.dll.SqmSetUserId
sqmapi.dll.SqmCreateNewId
sqmapi.dll.SqmReadSharedMachineId
sqmapi.dll.SqmReadSharedUserId
sqmapi.dll.SqmWriteSharedMachineId
sqmapi.dll.SqmWriteSharedUserId
sqmapi.dll.SqmIsWindowsOptedIn
advapi32.dll.OpenThreadToken
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
ntmarta.dll.GetMartaExtensionInterface
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
shell32.dll.SHChangeNotifyRegisterThread
comctl32.dll.#4
ieshims.dll.IEShims_SetRedirectRegistryForThread
apphelp.dll.ApphelpCheckShellObject
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_Add
wininet.dll.GetUrlCacheEntryInfoExW
mlang.dll.#112
wininet.dll.GetUrlCacheEntryInfoExA
wininet.dll.InternetQueryOptionA
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
urlmon.dll.#104
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
acroiehelper.dll.StubInit
acroiehelper.dll.StubSetSite
acroiehelper.dll.StubOnQuit
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegEnumKeyA
advapi32.dll.RegEnumKeyExA
shlwapi.dll.PathFileExistsA
advapi32.dll.AddMandatoryAce
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
rasapi32.dll.RasEnumEntriesW
rtutils.dll.TraceRegisterExA
rasapi32.dll.RasConnectionNotificationW
rtutils.dll.TracePrintfExA
shlwapi.dll.PathCanonicalizeW
shlwapi.dll.PathRemoveFileSpecW
shlwapi.dll.PathFindFileNameW
sechost.dll.OpenServiceA
sechost.dll.NotifyServiceStatusChangeA
sensapi.dll.IsNetworkAlive
nlaapi.dll.NSPStartup
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
comctl32.dll.#8
urlmon.dll.CreateURLMonikerEx
urlmon.dll.CreateAsyncBindCtxEx
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.CreateFormatEnumerator
urlmon.dll.UrlMkGetSessionOption
mlang.dll.#121
urlmon.dll.#444
urlmon.dll.#445
urlmon.dll.CreateIUriBuilder
urlmon.dll.IntlPercentEncodeNormalize
user32.dll.ChangeWindowMessageFilter
dwmapi.dll.DwmSetWindowAttribute
oleaut32.dll.#500
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BufferedPaintRenderAnimation
uxtheme.dll.BeginBufferedAnimation
uxtheme.dll.DrawThemeParentBackground
uxtheme.dll.EndBufferedAnimation
gdi32.dll.GdiIsMetaPrintDC
imm32.dll.ImmGetContext
cryptsp.dll.SystemFunction035
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
crypt32.dll.CertDuplicateStore
crypt32.dll.CertControlStore
crypt32.dll.CertCloseStore
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertDuplicateCertificateContext
wintrust.dll.HTTPSCertificateTrust
wintrust.dll.HTTPSFinalProv
wintrust.dll.SoftpubInitialize
wintrust.dll.SoftpubLoadMessage
wintrust.dll.SoftpubLoadSignature
wintrust.dll.SoftpubCheckCert
wintrust.dll.SoftpubCleanup
cryptsp.dll.CryptAcquireContextA
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
nsi.dll.NsiFreeTable
winhttp.dll.WinHttpGetProxyForUrl
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpReadData
winhttp.dll.WinHttpCloseHandle
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertGetCertificateContextProperty
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertFreeCertificateContext
ncrypt.dll.SslEncryptPacket
ncrypt.dll.SslDecryptPacket
wininet.dll.GetUrlCacheEntryInfoA
wininet.dll.CommitUrlCacheEntryA
oleaut32.dll.#7
oleaut32.dll.#8
ieframe.dll.#302
urlmon.dll.RegisterFormatEnumerator
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.#101
oleaut32.dll.VariantClear
urlmon.dll.CoInternetIsFeatureEnabled
wininet.dll.InternetGetSecurityInfoByURLW
crypt32.dll.CryptDecodeObject
crypt32.dll.CertGetNameStringW
urlmon.dll.#335
oleaut32.dll.#19
oleaut32.dll.#17
oleaut32.dll.#20
oleaut32.dll.#23
oleaut32.dll.#22
ole32.dll.CoGetObjectContext
oleaut32.dll.BSTR_UserSize
oleaut32.dll.BSTR_UserMarshal
oleaut32.dll.BSTR_UserUnmarshal
oleaut32.dll.BSTR_UserFree
oleaut32.dll.VARIANT_UserSize
oleaut32.dll.VARIANT_UserMarshal
oleaut32.dll.VARIANT_UserUnmarshal
oleaut32.dll.VARIANT_UserFree
oleaut32.dll.LPSAFEARRAY_UserSize
oleaut32.dll.LPSAFEARRAY_UserMarshal
oleaut32.dll.LPSAFEARRAY_UserUnmarshal
oleaut32.dll.LPSAFEARRAY_UserFree
urlmon.dll.#330
winhttp.dll.WinHttpTimeFromSystemTime
shell32.dll.#165
wininet.dll.CreateUrlCacheContainerW
oleaut32.dll.#4
imgutil.dll.DecodeImage
wininet.dll.InternetUnlockRequestFile
wininet.dll.InternetGetConnectedState
urlmon.dll.#414
urlmon.dll.#395
urlmon.dll.URLDownloadToCacheFileW
dwmapi.dll.DwmInvalidateIconicBitmaps
wininet.dll.SetUrlCacheEntryGroupW
urlmon.dll.#327
urlmon.dll.#351
urlmon.dll.#325
oleaut32.dll.VariantCopy
wininet.dll.InternetGetCookieExW
wininet.dll.InternetSetCookieExW
kernel32.dll.GetModuleHandleW
urlmon.dll.DllCanUnloadNow
urlmon.dll.IEDllLoader
urlmon.dll.CoInternetGetSession
urlmon.dll.CopyBindInfo
urlmon.dll.CreateURLMoniker
urlmon.dll.ReleaseBindInfo
urlmon.dll.CoInternetCombineUrl
urlmon.dll.CoInternetGetSecurityUrl
urlmon.dll.IsValidURL
wininet.dll.InternetCrackUrlW
wininet.dll.InternetCreateUrlW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegCloseKey
comctl32.dll.#17
comctl32.dll.DllGetVersion
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.#116
ws2_32.dll.#3
Local\ZonesCounterMutex
Local\MSCTF.Asm.MutexDefault1
Local\RSS Eventing Connection Database Mutex 00000740
Local\Feed Eventing Shared Memory Mutex S-1-5-21-120665959-548228820-2376508522-1001
IESQMMUTEX_0_208
ConnHashTable<1856>_HashTable_Mutex
Local\c:!users!user!appdata!local!microsoft!feeds cache!
Local\Feed Arbitration Shared Memory Mutex [ User : S-1-5-21-120665959-548228820-2376508522-1001 ]
Local\Feeds Store Mutex S-1-5-21-120665959-548228820-2376508522-1001
Local\WininetStartupMutex
Local\!IETld!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!BrowserEmulation!SharedMemory!Mutex
Local\c:!users!user!appdata!roaming!microsoft!windows!privacie!
Local\c:!users!user!appdata!roaming!microsoft!windows!ietldcache!
MSIMGSIZECacheMutex

Process Tree

  • iexplore.exe 1856 "https://onedrive.live.com/?authkey=%21AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE%21111&parId=root&o=OneUp"
  • explorer.exe 1632

iexplore.exe, PID: 1856, Parent PID: 2480
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https://onedrive.live.com/?authkey=%21AN32ekDWSO8VEck&cid=E8B0091C97F80BFE&id=E8B0091C97F80BFE%21111&parId=root&o=OneUp"
iexplore.exe, PID: 1596, Parent PID: 1856
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1856 CREDAT:79873
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

Hosts

Direct IP Country Name
N 93.184.220.29 [VT] Europe
Y 8.8.8.8 [VT] United States
N 204.79.197.200 [VT] United States
N 2.19.149.227 [VT] Europe
N 13.107.42.13 [VT] United States
N 104.86.110.73 [VT] Netherlands
N 104.86.110.235 [VT] Netherlands

TCP

Source Source Port Destination Destination Port
192.168.35.21 49178 104.86.110.235 spoprod-a.akamaihd.net 443
192.168.35.21 49195 104.86.110.235 spoprod-a.akamaihd.net 443
192.168.35.21 49213 104.86.110.73 crl.microsoft.com 80
192.168.35.21 49171 13.107.42.13 onedrive.live.com 443
192.168.35.21 49204 13.107.42.13 onedrive.live.com 443
192.168.35.21 49182 2.19.149.227 p.sfx.ms 443
192.168.35.21 49183 2.19.149.227 p.sfx.ms 443
192.168.35.21 49184 2.19.149.227 p.sfx.ms 443
192.168.35.21 49185 2.19.149.227 p.sfx.ms 443
192.168.35.21 49186 2.19.149.227 p.sfx.ms 443
192.168.35.21 49188 2.19.149.227 p.sfx.ms 443
192.168.35.21 49168 204.79.197.200 www.bing.com 80
192.168.35.21 49172 93.184.220.29 ocsp.digicert.com 80

UDP

Source Source Port Destination Destination Port
192.168.35.21 53447 8.8.8.8 53
192.168.35.21 57255 8.8.8.8 53
192.168.35.21 58094 8.8.8.8 53
192.168.35.21 59473 8.8.8.8 53
192.168.35.21 65365 8.8.8.8 53
192.168.35.21 65426 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
www.bing.com [VT] CNAME dual-a-0001.a-msedge.net [VT]
CNAME a-0001.a-afdentry.net.trafficmanager.net [VT]
A 204.79.197.200 [VT]
A 13.107.21.200 [VT]
onedrive.live.com [VT] CNAME odc-web-geo.onedrive.akadns.net [VT]
CNAME l-0004.l-msedge.net [VT]
A 13.107.42.13 [VT]
CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net [VT]
CNAME odc-web-brs.onedrive.akadns.net [VT]
ocsp.digicert.com [VT] A 93.184.220.29 [VT]
CNAME cs9.wac.phicdn.net [VT]
spoprod-a.akamaihd.net [VT] A 104.86.110.235 [VT]
CNAME spoprod-a.akamaihd.net.edgesuite.net [VT]
A 104.86.111.146 [VT]
CNAME a1531.g2.akamai.net [VT]
p.sfx.ms [VT] A 2.19.149.227 [VT]
CNAME e9244.g.akamaiedge.net [VT]
CNAME p.sfx.ms.edgekey.net [VT]
crl.microsoft.com [VT] A 104.86.110.73 [VT]
A 104.86.110.88 [VT]
CNAME crl.www.ms.akadns.net [VT]
CNAME a1363.dscg.akamai.net [VT]

HTTP Requests

URI Data
http://www.bing.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 May 2017 06:41:24 GMT
If-None-Match: "59097b94-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl.microsoft.com/pki/crl/products/WinPCA.crl
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 02 Dec 2015 18:30:06 GMT
If-None-Match: "0cb60772f2dd11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.35.21 49178 104.86.110.235 spoprod-a.akamaihd.net 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49195 104.86.110.235 spoprod-a.akamaihd.net 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49171 13.107.42.13 onedrive.live.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49204 13.107.42.13 onedrive.live.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49182 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49183 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49184 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49185 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49186 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.35.21 49188 2.19.149.227 p.sfx.ms 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
File name search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Size 237 bytes
File Type PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5 9fb559a691078558e77d6848202f6541
SHA1 ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
SHA256 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
CRC32 FC87942A
Ssdeep 6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
File Size 438 bytes
File Type data
MD5 ba6f9d0b75fba52b323b201c3585a90e
SHA1 200a6e14bef160220a54a527bdb16e3f307dda48
SHA256 eab4f50f65a347b015007771d67cf6d868caff8ac38f8b0de2d6dda29dca9c38
CRC32 2BFA79A5
Ssdeep 6:kKQzCw9uPJBfOAUMivhClroFluSaZH0lwKa2lWlAJ3yOsCpSIszIlBWlrqzMPM:9w9WmxMiv8sFluSEIM63B2clBWlCKM
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
File Size 1507 bytes
File Type data
MD5 e79c0d8d4171253d12f0e0e27826ba15
SHA1 43f9aa8b802f19040da181e913e2bbd7d698baab
SHA256 768e64403991316297c484f4b898214c341bdc96d757a97abb8f9e8b8b340474
CRC32 53F6531A
Ssdeep 24:C92KDESI0JMAEY1gOvboYgRDu6T997ZGm5sdkie784y02KDh6ruXfxdv1QnzTMG6:4D5bJwY1rboZRa6xV0Ddkd784yUDwu3f
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name user@live[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[2].txt
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name user@live[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
File Size 64 bytes
File Type ASCII text
MD5 9562321a2dfb67b695964a79f6c33db8
SHA1 2b386fc9b7016123003ed501e57bfbcbc10acc3f
SHA256 6007486fdd9ebecc82688dd59d37d73baef74ccb127d1236c4f8053ee26a9d9e
CRC32 705AE528
Ssdeep 3:vpqMLJUQ2SCVdJhgqLRbJcD:vEMWXJdfgKRbGD
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
wla42

live.com/
1536
3027171584
30764346
1951740064
30762966
*
File name 7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
File Size 471 bytes
File Type data
MD5 02a60291b6cb07cef40b76341547cc7c
SHA1 885cb1c55cc372a63142162e90509a9ec2a551ae
SHA256 9d304f327f35e673e384c88b8897fdc1ec1fe61d293a55f02b70a4feaf264b54
CRC32 0D23AC14
Ssdeep 12:JD2+25J72+0i+bYR+jSWmHLUkbusOSniJbkQSOwL:JD2+2f72+v+jGWmHBtveSHL
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name 7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
File Size 434 bytes
File Type data
MD5 4394a73459a1fedca6690306e4a5a89b
SHA1 baf146e891b68c6dcf7dbbf242fbd4cc859fc2bd
SHA256 764d3c96037d3aeb93dfb1e716c88761dd85798d451288c8a02300eb4eeea367
CRC32 BF85B49A
Ssdeep 6:kK3OT95oJXlRNfOAUMivhClroFH7q0yNXImolv9RUuQ2vmLlMQ7lDlLQsa4qzK0:GSPmxMiv8sFbq0yNYmc3Q2zQl5Qp7K0
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name maincss-306e9206[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\maincss-306e9206[1].css
File Size 139328 bytes
File Type ASCII text, with very long lines, with no line terminators
MD5 306e9206269f60e985138daff588c381
SHA1 b0a13452a101546067f98c895c8aadec83ab28a5
SHA256 c1c386e0a32dd7b53e751e38e41090406b11f8e5076288ba669d20e2254e1ae9
CRC32 82F272E4
Ssdeep 1536:JYS6qxvJbU8zPImHvZtohtDq2ACa20eboBdiyMUWC8ErpH/TVTDrwCG0mJIkssgp:P6qxfB7
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
.c_if img{visibility:hidden;-ms-interpolation-mode:bicubic}.is_c{vertical-align:middle}.IE_M7 .is_c,.IE_M8 .is_c{vertical-align:text-top;padding-top:0}.is_o{position:relative;display:inline-block;vertical-align:text-bottom}.IE_M6 .is_hc *{visibility:inherit}.IE_M6 .is_o{vertical-align:middle}.is_i{display:block;overflow:hidden;position:absolute;left:0;top:0}.IE_M6 .is_i{position:relative}.is_i img{position:absolute!important;display:block;vertical-align:baseline}.is_p{display:none}.FF_M2 .is_o{position:absolute;display:inline}.FF_M2 .is_p{margin-top:3px;visibility:hidden;display:inline}.wl_bubble{width:0;height:0}.wl_bub_content{position:absolute;z-index:200;top:0;left:0;margin:0;width:300px;overflow-x:hidden;min-height:50px;height:auto;border:2px solid #1A1A1A;background-color:#FCFCFC;word-wrap:break-word}.wl_bub_content p{margin:0}.wl_bub_bk_outline{position:absolute;border:10px solid;width:0;height:0}.wl_bub_bk_cover{position:absolute;border:8px solid;width:0;height:0}.wl_bub_html{padding-top:17px;padding-right:20px;padding-left:20px}.wl_bub_buttons{padding:14px 10px 20px;height:28px}.wl_bub_button{max-width:180px;min-width:84px;height:28px;padding-right:10px;padding-left:10px}.IE .wl_bub_button,.IE .wl_bub_buttons{margin-right:10px;margin-left:10px;padding-right:0;padding-left:0}.IE .wl_bub_button .default{float:right}.LineHeightTight{line-height:110%}.LineHeightStandard{line-height:142%}.LineHeightLoose{line-height:178%}.LineHeightXLoose{line-height:200%}.TextBold,.TextSemiBold{font-family:"Segoe UI Web Semibold","Segoe UI Web Regular","Segoe UI","Segoe UI Symbol",HelveticaNeue-Medium,"Helvetica Neue",Arial,sans-serif;font-weight:700}.TextBoldI{font-family:"Segoe UI Web Semibold","Segoe UI Web Regular","Segoe UI","Segoe UI Symbol",HelveticaNeue-Medium,"Helvetica Neue",Arial,sans-serif!important;font-weight:700}.TextLight{font-family:"Segoe UI Web Light","Segoe UI Web Regular","Segoe UI","Segoe UI Symbol",HelveticaNeue-Light,"Helvetica Neue",Arial,sans-serif}.TextLightI{font-family:"Segoe UI Web Light","Segoe UI Web Regular","Segoe UI","Segoe UI Symbol",HelveticaNeue-Light,"Helvetica Neue",Arial,sans-serif!important}.TextItalic{font-style:italic}.TextNormal{font-weight:400;font-style:normal;white-space:normal;text-transform:none;letter-spacing:normal}.TextHighlight{color:#f07522;font-weight:700}.TextAdLabel{font-size:86%;text-transform:uppercase;color:#666}.TextDefinition{background:url(hig/img/definitionUnderline.gif) bottom repeat-x}.L_FloatLeft{float:left}.L_FloatRight{float:right}.L_TextAlignLeft{text-align:left}.L_TextAlignRight{text-align:right}.c_clr{clear:both;display:block}.TextSizeSmall,.TextSizeXSmall{font-size:86%}.TextSizeNormal{font-size:100%}.TextSizeLarge{font-size:150%}.TextSizeXLarge,.TextSizeXXLarge,.TextSizeXXXLarge{font-size:192%}.TextSizeNormalPlus{font-size:100%}.AppLink:visited{color:inherit}@font-face{font-family:"Segoe UI Web Light";src:local("Segoe UI Light"),local("Segoe UI"),local("HelveticaNeue-Light"),local("Arial");font-style:normal;font-weight:100}@font-face{font-family:"Segoe UI Web Regular";src:local("Segoe UI"),local("Helvetica Neue"),local("Arial");font-style:normal;font-weight:400}@font-face{font-family:"Segoe UI Web Semibold";src:local("Segoe UI Semibold"),local("Segoe UI Bold"),local("Segoe UI"),local("HelveticaNeue-Medium"),local("Arial");font-style:normal;font-weight:700}.c_ln{background:#f3f3f3;padding-top:6px;height:100%}.c_ln h2{padding-left:20px;color:#666!important;margin-top:2px}.c_n{margin:4px 0 0;padding:0;width:180px}.c_ln .c_n li a,.c_n .link{display:block;border:0;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;-o-text-overflow:ellipsis;height:30px;line-height:30px;cursor:pointer;padding-left:20px}.c_n .link:hover,.c_n a:hover{text-decoration:none;background:#e7e7e7!important}.c_ln .c_n li span:hover{text-decoration:none}.c_n ul{margin:0;padding:0;display:none}.c_n li{list-style:none;padding:0;margin:0;zoom:1}.c_n li.active>.link,.c_n li.active>a{background:#d4d4d4}.c_ln .c_n ul li a,.c_n ul li .link{padding-left:30px}.c_mcc{width:100%;text-align:left}.c_mcc H3 A,.c_mcc H3 A:visited{zoom:1;margin-right:10px}.c_mcc .logoimg{border:0}.c_mcc .titlearea{display:block}.c_mcc .titlearea h3{color:#666!important}.c_mcc .imagearea{float:none;display:inline;vertical-align:middle}.c_mcc .contentarea{display:table;height:100%;width:100%;font-size:86%}.c_mccimage{display:inline;float:left;vertical-align:middle;width:90px;margin-right:8px;margin-left:0;margin-bottom:8px;text-align:left;border:1px solid #ccc}.c_mcc a{margin:0;padding:0;border-width:0;color:#000}.c_mcc a:hover,.c_mcc a:visited{color:#000}.c_mcc UL{height:100%;list-style:none none outside;vertical-align:top;margin:0;padding:0;display:table}.NotificationBase{z-index:2400000}.NotificationBase BUTTON{min-width:90px}.IE_M7 .NotificationBase BUTTON{overflow:visible;padding:0 5px}.NotificationBase.NotificationBar{width:100%}.NotificationBase.NotificationBar .OuterContainer{background-color:#fff}.NotificationBase.NotificationBar .InnerContainer{margin:auto;position:relative}.rtl.IE_M7 .NotificationBase.NotificationBar.TopBar{background-color:#fff}.NotificationBase.NotificationBar .InnerContainer.WithMinWidth{min-width:860px}.NotificationBase.NotificationBar .InnerContainer .Content{position:relative}.NotificationBase.NotificationBar .InnerContainer .Content.MinWidth{margin:auto;width:860px}.NotificationBase.NotificationBar .InnerContainer .Content.NormalWidth{margin-left:60px;margin-right:60px}.NotificationBase.NotificationBar .InnerContainer .Content.WideWidth{margin-left:auto;margin-right:auto}.NotificationBase.NotificationBar .InnerContainer .Content .UserArea{color:#000;font-size:100%;line-height:142%;padding:14px 20px 16px}.NotificationBase.NotificationBar .InnerContainer .Content .UserArea .UserContent{display:inline-block}.NotificationBase.NotificationBar .InnerContainer .Content.MinWidth.NoButton .UserArea .UserContent{width:100%;text-align:center}.IE_M7 .NotificationBase.NotificationBar .InnerContainer .Content .UserArea .UserContent{display:inline}.NotificationBase.NotificationBar .InnerContainer .Content.Collapsed .UserArea .Clipper{overflow:hidden;text-overflow:clip;height:1.6em}.NotificationBase.NotificationBar .InnerContainer .Content.Collapsed .UserArea .Clipper.ShowEllipsis .UserContent{text-overflow:ellipsis;overflow:hidden;white-space:nowrap}.NotificationBase.NotificationBar.TopBar{position:fixed!important}.NotificationBase.NotificationBar.TopBar .InnerContainer .Content .ButtonArea{top:12px}.NotificationBase.NotificationBar.BottomBar .InnerContainer .Content .ButtonArea{bottom:10px}.NotificationBase.NotificationBar .InnerContainer .Content .ButtonArea{position:absolute;text-align:right;right:0}.NotificationBase.NotificationBar .InnerContainer .Content .ButtonArea BUTTON{margin:0 10px}.NotificationBase.NotificationBar.TopBar .InnerContainer .Content .Expand{top:0}.NotificationBase.NotificationBar.BottomBar .InnerContainer .Content .Expand{bottom:18px}.NotificationBase.NotificationBar .InnerContainer .Content .Expand{position:absolute;border:0;margin:17px 20px 0;height:15px;width:12px;display:none;right:0}.NotificationBase.NotificationBar .InnerContainer .Content .Expand.ShowImage{background-image:url(hig/img/chevron_assets_strip.png)}.NotificationBase.NotificationBar.BottomBar .InnerContainer .Content .Expand,.NotificationBase.NotificationBar.TopBar .InnerContainer .Content.Collapsed .Expand{background-position:-120px 0}.NotificationBase.NotificationBar.BottomBar .InnerContainer .Content.Collapsed .Expand,.NotificationBase.NotificationBar.TopBar .InnerContainer .Content .Expand{background-position:-132px 0}.NotificationBase.TopBar{border-bottom:2px solid #000}.NotificationBase.BottomBar{top:auto;position:fixed!important;border-top:2px solid #000}.IE_M7 .NotificationBase.BottomBar,.IE_M8 .NotificationBase.BottomBar{bottom:0}.NotificationBase.DropDown,.NotificationBase.Flyout{z-index:2500100}.NotificationBase.DropDown .OuterContainer,.NotificationBase.Flyout .OuterContainer{background-color:#fff;border:1px solid #000}.NotificationBase.Flyout .OuterContainer{margin:5px;outline:0}.NotificationBase.DropDown .InnerC <truncated>
File name MSIMGSIZ.DAT
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File Size 16384 bytes
File Type data
MD5 0cf9ea053bdfba12814049c64f7ab45a
SHA1 2c3dae6af5ed25316078f3d44519d387a5f0bb00
SHA256 bd6776afccf940809189767c68089f4dfbd18327c443de60443d42969338b8bb
CRC32 CB138BF2
Ssdeep 12:Oa6I/10s1KXPeNU/N6/aXAk6ylXPtDYNls6ss+wsLaSP/0otIltet+4bRsWdf8qY:xJHu9QqlC3LwAOMSoye7z2lzdG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name command5[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\command5[1].png
File Size 3872 bytes
File Type PNG image data, 217 x 64, 8-bit/color RGBA, non-interlaced
MD5 67f6ab41321210697f45ad8412ec6896
SHA1 2c0b9c74ea0b53412407038d4f97dbf27cc3c8b5
SHA256 fa2812dcf55c99cefe93319f1992b381e6f4203d7cebb61308d35f335934d953
CRC32 37A881AC
Ssdeep 96:rY2cMHZam26EVr6Hw7+QBPFZ8Z54MKYUunb9HACekMVp:rVbEVm1QfGT4MKYZJap
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name c7[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\c7[1].png
File Size 5337 bytes
File Type PNG image data, 285 x 65, 8-bit/color RGBA, non-interlaced
MD5 d982209aa90debdedbb71ac66aa5499e
SHA1 0a8c3936669c959b53f7a13ef751f277d600e91c
SHA256 639b06d02e6139d78e0eaeb0f8a31d96af88a0882d8036c5a6b45d10c3e321a3
CRC32 672AA7E4
Ssdeep 96:wurkitjAJN8+A8gbMGBv1YftRfp8RSaF2dmQik+L9fboEsvXmYozuKHf7Rqw2ysL:rRA3HA81GpqFj8RSeQik09z57zuKHf7W
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name invis[1].gif
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\invis[1].gif
File Size 43 bytes
File Type GIF image data, version 89a, 1 x 1
MD5 74996e793f8888edd815ccfed177f5ee
SHA1 376e57f850a242cf780f6904ef4b54f0587067df
SHA256 cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c
CRC32 EEBA6615
Ssdeep 3:CUnaaaAQaJ9pse:nDJLse
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name logos5o[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\logos5o[1].png
File Size 9157 bytes
File Type PNG image data, 456 x 342, 8-bit/color RGBA, non-interlaced
MD5 53fb2c0a59edb7c096ba4735cf01e40c
SHA1 ff1f731714d8ad0978251316a8eece63beefdf6d
SHA256 92e888a06fe87ac05ad41521bf48534e2589d263ffceb4218caa479f28f4fc10
CRC32 69720C24
Ssdeep 192:43LzYo74dHo9DaTWbDx+hsVd27KIcR1SgGTGdyT6jN1Kk:43LzhxQTcDxYu+TGdFDb
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name OneDriveLogoLight4[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\OneDriveLogoLight4[1].png
File Size 881 bytes
File Type PNG image data, 88 x 34, 8-bit/color RGBA, non-interlaced
MD5 a3fcc3b7e49c0562f2cadee744cffb11
SHA1 247cc3687640f03f8e9ba7764f34c5b2dce098dd
SHA256 f393d34deb9194264b81ee3d939301c39f9b8a892811c0d5d20aa2030474bbbe
CRC32 06E72CC9
Ssdeep 24:XbWsoBePy5a9QWUUMez8dPybJOhiLFjFP:Rq1rUPoPyQhiLFB
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name main[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\main[1].png
File Size 14682 bytes
File Type PNG image data, 382 x 340, 8-bit/color RGBA, non-interlaced
MD5 8d20cb2e557fdd5f321e3c62c0933a49
SHA1 41605f69d79e3c4af6d9661c20951dccaf3377db
SHA256 68ba43e5b3b5b8656888fbfacff588c9294a0a100667591bc69488130772dafd
CRC32 D9D5C701
Ssdeep 384:xM6riC2rfcfCwb/IqdFduX8hGLsykwLFJYlAO6Jty:evFf4b/PFdT2aMNJE
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name jquery-1.7.2-39eeb07e[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\jquery-1.7.2-39eeb07e[1].js
File Size 94124 bytes
File Type UTF-8 Unicode text, with very long lines
MD5 39eeb07e6802e2b57f5e10a9ad9bca24
SHA1 cd952a05fd3da2945c372f5b9701f0145bf3c82f
SHA256 d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f
CRC32 C591BEF3
Ssdeep 1536:5IE3Hz9WAJ0A7W+pR5YghP4Crd+uhGJ0jxM+1AZx5g6yWf9qOmRaliJl1m9Yjq+H:t5Ygh4YGn+0m3qIX8kbP3V1v
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
!function(e,t){function n(e){var t,n,r=O[e]={};for(e=e.split(/\s+/),t=0,n=e.length;n>t;t++)r[e[t]]=!0;return r}function r(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(q,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:H.isNumeric(r)?+r:P.test(r)?H.parseJSON(r):r}catch(o){}H.data(e,n,r)}else r=t}return r}function i(e){for(var t in e)if(("data"!==t||!H.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}function o(e,t,n){var r=t+"defer",i=t+"queue",o=t+"mark",a=H._data(e,r);!a||"queue"!==n&&H._data(e,i)||"mark"!==n&&H._data(e,o)||setTimeout(function(){H._data(e,i)||H._data(e,o)||(H.removeData(e,r,!0),a.fire())},0)}function a(){return!1}function s(){return!0}function l(e){return!e||!e.parentNode||11===e.parentNode.nodeType}function u(e,t,n){if(t=t||0,H.isFunction(t))return H.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return H.grep(e,function(e,r){return e===t===n});if("string"==typeof t){var r=H.grep(e,function(e){return 1===e.nodeType});if(ce.test(t))return H.filter(t,r,!n);t=H.filter(t,r)}return H.grep(e,function(e,r){return H.inArray(e,t)>=0===n})}function c(e){var t=he.split("|"),n=e.createDocumentFragment();if(n.createElement)for(;t.length;)n.createElement(t.pop());return n}function f(e,t){return H.nodeName(e,"table")?e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody")):e}function d(e,t){if(1===t.nodeType&&H.hasData(e)){var n,r,i,o=H._data(e),a=H._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)H.event.add(t,n,s[n][r])}a.data&&(a.data=H.extend({},a.data))}}function p(e,t){var n;1===t.nodeType&&(t.clearAttributes&&t.clearAttributes(),t.mergeAttributes&&t.mergeAttributes(e),n=t.nodeName.toLowerCase(),"object"===n?t.outerHTML=e.outerHTML:"input"!==n||"checkbox"!==e.type&&"radio"!==e.type?"option"===n?t.selected=e.defaultSelected:"input"===n||"textarea"===n?t.defaultValue=e.defaultValue:"script"===n&&t.text!==e.text&&(t.text=e.text):(e.checked&&(t.defaultChecked=t.checked=e.checked),t.value!==e.value&&(t.value=e.value)),t.removeAttribute(H.expando),t.removeAttribute("_submit_attached"),t.removeAttribute("_change_attached"))}function h(e){return"undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName("*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll("*"):[]}function m(e){"checkbox"!==e.type&&"radio"!==e.type||(e.defaultChecked=e.checked)}function g(e){var t=(e.nodeName||"").toLowerCase();"input"===t?m(e):"script"!==t&&"undefined"!=typeof e.getElementsByTagName&&H.grep(e.getElementsByTagName("input"),m)}function y(e){var t=F.createElement("div");return Ae.appendChild(t),t.innerHTML=e.outerHTML,t.firstChild}function v(e,t,n){var r="width"===t?e.offsetWidth:e.offsetHeight,i="width"===t?1:0,o=4;if(r>0){if("border"!==n)for(;o>i;i+=2)n||(r-=parseFloat(H.css(e,"padding"+We[i]))||0),"margin"===n?r+=parseFloat(H.css(e,n+We[i]))||0:r-=parseFloat(H.css(e,"border"+We[i]+"Width"))||0;return r+"px"}if(r=Le(e,t),(0>r||null==r)&&(r=e.style[t]),Oe.test(r))return r;if(r=parseFloat(r)||0,n)for(;o>i;i+=2)r+=parseFloat(H.css(e,"padding"+We[i]))||0,"padding"!==n&&(r+=parseFloat(H.css(e,"border"+We[i]+"Width"))||0),"margin"===n&&(r+=parseFloat(H.css(e,n+We[i]))||0);return r+"px"}function b(e){return function(t,n){if("string"!=typeof t&&(n=t,t="*"),H.isFunction(n))for(var r,i,o,a=t.toLowerCase().split(tt),s=0,l=a.length;l>s;s++)r=a[s],o=/^\+/.test(r),o&&(r=r.substr(1)||"*"),i=e[r]=e[r]||[],i[o?"unshift":"push"](n)}}function x(e,n,r,i,o,a){o=o||n.dataTypes[0],a=a||{},a[o]=!0;for(var s,l=e[o],u=0,c=l?l.length:0,f=e===ot;c>u&&(f||!s);u++)s=l[u](n,r,i),"string"==typeof s&&(!f||a[s]?s=t:(n.dataTypes.unshift(s),s=x(e,n,r,i,s,a)));return!f&&s||a["*"]||(s=x(e,n,r,i,"*",a)),s}function T(e,n){var r,i,o=H.ajaxSettings.flatOptions||{};for(r in n)n[r]!==t&&((o[r]?e:i||(i={}))[r]=n[r]);i&&H.extend(!0,e,i)}function w(e,t,n,r){if(H.isArray(t))H.each(t,function(t,i){n||Xe.test(e)?r(e,i):w(e+"["+("object"==typeof i?t:"")+"]",i,n,r)});else if(n||"object"!==H.type(t))r(e,t);else for(var i in t)w(e+"["+i+"]",t[i],n,r)}function N(e,n,r){var i,o,a,s,l=e.contents,u=e.dataTypes,c=e.responseFields;for(o in c)o in r&&(n[c[o]]=r[o]);for(;"*"===u[0];)u.shift(),i===t&&(i=e.mimeType||n.getResponseHeader("content-type"));if(i)for(o in l)if(l[o]&&l[o].test(i)){u.unshift(o);break}if(u[0]in r)a=u[0];else{for(o in r){if(!u[0]||e.converters[o+" "+u[0]]){a=o;break}s||(s=o)}a=a||s}return a?(a!==u[0]&&u.unshift(a),r[a]):void 0}function C(e,n){e.dataFilter&&(n=e.dataFilter(n,e.dataType));var r,i,o,a,s,l,u,c,f=e.dataTypes,d={},p=f.length,h=f[0];for(r=1;p>r;r++){if(1===r)for(i in e.converters)"string"==typeof i&&(d[i.toLowerCase()]=e.converters[i]);if(a=h,h=f[r],"*"===h)h=a;else if("*"!==a&&a!==h){if(s=a+" "+h,l=d[s]||d["* "+h],!l){c=t;for(u in d)if(o=u.split(" "),(o[0]===a||"*"===o[0])&&(c=d[o[1]+" "+h])){u=d[u],u===!0?l=c:c===!0&&(l=u);break}}l||c||H.error("No conversion from "+s.replace(" "," to ")),l!==!0&&(n=l?l(n):c(u(n)))}}return n}function E(){try{return new e.XMLHttpRequest}catch(t){}}function k(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function S(){return setTimeout(A,0),yt=H.now()}function A(){yt=t}function L(e,t){var n={};return H.each(Tt.concat.apply([],Tt.slice(0,t)),function(){n[this]=e}),n}function D(e){if(!vt[e]){var t=F.body,n=H("<"+e+">").appendTo(t),r=n.css("display");n.remove(),"none"!==r&&""!==r||(ht||(ht=F.createElement("iframe"),ht.frameBorder=ht.width=ht.height=0),t.appendChild(ht),mt&&ht.createElement||(mt=(ht.contentWindow||ht.contentDocument).document,mt.write((H.support.boxModel?"<!doctype html>":"")+"<html><body>"),mt.close()),n=mt.createElement(e),mt.body.appendChild(n),r=H.css(n,"display"),t.removeChild(ht)),vt[e]=r}return vt[e]}function j(e){return H.isWindow(e)?e:9===e.nodeType?e.defaultView||e.parentWindow:!1}var F=e.document,M=e.navigator,_=e.location,H=function(){function n(){if(!s.isReady){try{F.documentElement.doScroll("left")}catch(e){return void setTimeout(n,1)}s.ready()}}var r,i,o,a,s=function(e,t){return new s.fn.init(e,t,r)},l=e.jQuery,u=e.$,c=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,f=/\S/,d=/^\s+/,p=/\s+$/,h=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,m=/^[\],:{}\s]*$/,g=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,y=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,v=/(?:^|:|,)(?:\s*\[)+/g,b=/(webkit)[ \/]([\w.]+)/,x=/(opera)(?:.*version)?[ \/]([\w.]+)/,T=/(msie) ([\w.]+)/,w=/(mozilla)(?:.*? rv:([\w.]+))?/,N=/-([a-z]|[0-9])/gi,C=/^-ms-/,E=function(e,t){return(t+"").toUpperCase()},k=M.userAgent,S=Object.prototype.toString,A=Object.prototype.hasOwnProperty,L=Array.prototype.push,D=Array.prototype.slice,j=String.prototype.trim,_=Array.prototype.indexOf,H={};return s.fn=s.prototype={constructor:s,init:function(e,n,r){var i,o,a,l;if(!e)return this;if(e.nodeType)return this.context=this[0]=e,this.length=1,this;if("body"===e&&!n&&F.body)return this.context=F,this[0]=F.body,this.selector=e,this.length=1,this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:c.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1])return n=n instanceof s?n[0]:n,l=n?n.ownerDocument||n:F,a=h.exec(e),a?s.isPlainObject(n)?(e=[F.createElement(a[1])],s.fn.attr.call(e,n,!0)):e=[l.createElement(a[1])]:(a=s.buildFragment([i[1]],[l]),e=(a.cacheable?s.clone(a.fragment):a.fragment).childNodes),s.merge(this,e);if(o=F.getElementById(i[2]),o&&o.parentNode){if(o.id!==i[2])return r.find(e);this.length=1,this[0]=o}return this.context=F,this.selector=e,this}return s.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),s.makeArray(e,this))},selector:"",jquery:"1.7.2",length:0,size:function(){return this.length},toArray:function(){return D.call(this,0)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e,t,n){var r=this.constructor();return s.isArray(e)?L.apply(r,e):s.merge(r,e),r.prevObject=this,r.context=this.context,"find"===t?r.selector=this.selector+(this.selector?" ":"")+n:t&&(r.selector=this.selec <truncated>
File name legacy_s_legacy-e428f2e2[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\legacy_s_legacy-e428f2e2[1].js
File Size 50152 bytes
File Type ASCII text, with very long lines
MD5 e428f2e285e01210dd3973ff761b87f0
SHA1 a9a9a5827cd6f0488244dd1f4a24f12252c81e3e
SHA256 d99623aba05a3d0cf5136c6c3f36480157398125156736f9990b2f023baeb3c2
CRC32 8392E11C
Ssdeep 1536:mj6GEXf2gteerr3p5NMO9XIOOBLtKqOAoW6RkGO1nR7:A6f2YrZjZIXPKU
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
define("postcookietoss.inline",["wliveloaded"],function(){!function(){function e(){var e=s("cookieStyle"),t=new RegExp("^http(?:s)?://(?:[A-Za-z0-9]*[.])*livefilestore(?:-int)?[.]com/","i");if(e){e.parentNode.removeChild(e);for(var n=document.getElementsByTagName("img"),i=0,r=n.length;r>i;i++){var a=n[i];a.src&&t.test(a.src)&&(a.style.visiblity="hidden",u.push(a))}}else o()}function t(){n(u,0,u.length),o()}function n(e,t,o){for(var r=Math.min(o,t+l);r>t;){var s=e[t];i(s),t++}setTimeout(function(){n(e,t,o)},0)}function i(e){function t(){e.style.visiblity="visible",i.onload=i.onerror=i.onabort=null,e.onload=e.onerror=e.onabort=null,i=e=null}function n(e){var n=e.src;e.onload=e.onerror=e.onabort=t,e.src=n+(n.indexOf("?")<0?"?":"&")+"r"+Math.random()}var i=new Image;i.onload=function(){e.src=e.src,t()},i.onerror=function(){n(e)},i.onabort=function(){t()},i.src=e.src}function o(){var e=s("temp_slideshow"),t=s("sl_slideshow"),n=s("slideshowTemplate");e&&t&&n&&(t.innerHTML=n.innerHTML,e.parentNode.removeChild(e))}var r=window,s=function(e){return r.document.getElementById(e)},a=r.cookieToss,l=10,u=[];!function c(){var n=document.getElementById("c_content");n&&n.parentNode&&n.parentNode.nextSibling?(e(),a&&(r.cookieToss.e?(r.cookieToss.e=0,r.cookieToss.c=1,t()):r.cookieToss.c||(r.cookieToss.c=t))):setTimeout(c,100)}()}()}),define("livefolders",["postcookietoss.inline"],function(){var e=window;e.registerNamespace||(e.registerNamespace=Function.registerNamespace=function(e){for(var t=window,n=e.split("."),i=n.length,o=0;i>o;o++){var r=n[o];t[r]||(t[r]={}),t=t[r]}}),e.stopDefaultAction=function(e){return e&&"function"==typeof e.preventDefault?e.preventDefault():window.event.returnValue=!1,!1},e._ge=function(e){return"object"==typeof e?e:document.getElementById(e)},e.loadScript=function(e){var t=document,n=t.getElementsByTagName("head")[0],i=t.createElement("script");return i.src=e,n.appendChild(i),i},e.getText=function(e){return document.all?e.innerText:e.textContent},e.setText=function(e,t){document.all?e.innerText=t:e.textContent=t},e.isDescendantOf=function(e,t){for(e=e.parentNode;null!=e;){if(e.tagName==t)return!0;e=e.parentNode}return!1},e.setDisplay=function(e,t){e.style.display=t?"block":"none"},e.resetDisplay=function(e){e.style.display=""},e.setVisibility=function(e,t){e.style.visibility=t?"visible":"hidden"},e.resetVisibility=function(e){e.style.visibility=""},e.getTickCount=function(){var e=new Date;return e.getTime()},e.isNullOrEmpty=function(e){return void 0===e||null===e||0===e.length},e.first=function(e){return e&&e[0]?e[0]:null},Array.prototype.indexOf||(Array.prototype.indexOf=function(e,t){var n=this.length;if(0!=n){t=t||0,0>t&&(t=Math.max(0,n+t));for(var i=t;n>i;i++)if(this[i]==e)return i}return-1}),e.HideElement=function(e){e&&(addCssClass(e,"displayInvisible"),removeCssClass(e,"displayVisible"))},e.ShowElement=function(e){e&&(removeCssClass(e,"displayInvisible"),addCssClass(e,"displayVisible"))},e.selectNodes=function(e,t,n,i){t||(t=function(){return!0}),n||(n="*");var o=[];if(document.evaluate&&i)for(var r=document.evaluate(i,e,null,0,null),s=r.iterateNext();s;)o.push(s),s=r.iterateNext();else for(var a=e.getElementsByTagName(n),l=a.length,u=0;l>u;u++)t(a[u])&&o.push(a[u]);return o},e.elementHasClassName=function(e,t){return(e.className?e.className.split(" "):[]).indexOf(t)>-1},e.getChildByClassName=function t(e,n){if(e&&e.childNodes)for(var i=e.childNodes.length,o=0;i>o;o++){if(elementHasClassName(e.childNodes[o],n))return e.childNodes[o];var r=t(e.childNodes[o],n);if(null!=r)return r}return null},e.getChildrenByClassName=function n(e,t,i){if(i||(i=[]),e&&e.childNodes)for(var o=e.childNodes.length,r=0;o>r;r++)elementHasClassName(e.childNodes[r],t)&&(i[i.length]=e.childNodes[r]),n(e.childNodes[r],t,i);return i},e.addCssClass=function(e,t){if(null!=e.className){var n=e.className?e.className.split(" "):[],i=n.indexOf(t);-1===i&&(n.push(t),e.className=n.join(" "))}else e.className=t},e.removeCssClass=function(e,t){if(null!=e.className){var n=e.className.split(" "),i=n.indexOf(t);-1!==i&&(n.splice(i,1),e.className=n.join(" "))}},e.prepareSubmitOnce=function(e){var t=!e.submitted;return t&&(e.submitted=!0,disableButton("actionPageSubmit"),disableButton("secondaryActionPageSubmit"),disableButton("cancelSubmit")),t},e.trySubmit=function(e,t){var n=document.getElementById("aspnetForm");if(n.onsubmit()){if(e){var i=_ge("postVerb");i&&(i.value=e)}n.target=t||"_top",n.submit()}},e.trySubmitData=function(e,t){if(document.getElementById("aspnetForm").onsubmit()){if(t){var n=_ge("postVerbData");n&&(n.value=t)}if(e){var i=_ge("postVerb");i&&(i.value=e)}document.getElementById("aspnetForm").submit()}},e.focusAndSelectTextField=function(e){e&&(e.focus(),e.select())},e.runBatchOperation=function(e,t,n,i){var o=20,r=e.length,s=0,a=10;null!==n&&void 0!==n||(n=function(){});var l=function(){for(var u=0;o>u&&r>s;u++,s++)t(e[s],i,s);r>s?window.setTimeout(l,a):s==r&&n(i)};window.setTimeout(l,a)},e.hideButton=function(e){e=_ge(e),null!=e&&(e.style.display="none")},e.showButton=function(e){e=_ge(e),null!=e&&(e.style.display="")},e.disableButton=function(e){e=_ge(e),null!=e&&(e.disabled=!0)},e.enableButton=function(e){e=_ge(e),null!=e&&(e.disabled=!1)},e.callHandlerOnEnterKey=function(e,t){e=e?e:window.event?window.event:"";var n=e.target||e.srcElement,i=3==e.keyCode||13==e.keyCode||13==e.which;return i&&(e.preventDefault&&e.preventDefault(),window.event&&!e.which&&(window.event.keyCode=0),t&&t(n)),!i},e.callHandlerOnEscKey=function(e,t){e=e?e:window.event?window.event:"";var n=e.target||e.srcElement,i=27==e.keyCode;return i&&(e.preventDefault&&e.preventDefault(),window.event&&!e.which&&(window.event.keyCode=0),t&&t(n)),!i},e.purgeHandlers=function i(e){var t,n,o=e.attributes;if(o)for(t=0;t<o.length;t++)n=o[t].name,"function"==typeof e[n]&&(e[n]=null);if(o=e.childNodes)for(t=0;t<o.length;t++)i(e.childNodes[t])},e.loadAdImage=function(e,t,n){var i=_ge(e),o=document.createElement("img");o.alt=t,o.src=n,i.appendChild(o),i.style.visibility="visible"},e.isChildOf=function(e,t){for(;t&&t!==e&&t!=document;)t=t.parentNode;return t===e},e.isMenuOpen=function(e){return elementHasClassName(e,"on")},e.closeMenu=function(e){e.style.display="none",removeCssClass(e,"on")},e.toggleMenu=function(e,t){var n=_ge(t);if(isMenuOpen(n))closeMenu(n);else{var i=n.style,o=_ge(e);i.top=o.offsetHeight+o.offsetTop+"px",i.left=o.offsetLeft+"px",i.display="block",addCssClass(n,"on")}},e.hideOnEsc=function(e,t){var n=_ge(t);e=e?e:window.event?window.event:"",27==e.keyCode&&isMenuOpen(n)&&closeMenu(n)},e.hideOnMouseUp=function(e,t,n){var i=_ge(n),o=_ge(t);e=e?e:window.event?window.event:"";var r=e.target||e.srcElement;isChildOf(i,r)||isChildOf(o,r)||!isMenuOpen(i)||closeMenu(i)},e.Range=function(e,t){this.start=e,this.end=t,this.contains=function(e){return this.isValid()&&e>=this.start&&e<=this.end},this.isValid=function(){return-1!=this.start}},e.downloadToPhotoGallery=function(e,t,n,i,o,r,s){isDownloadToWlpgActive&&(wlpgWave3Installed?_ge(i).src="wlpg: /c "+e+" /r "+t+" /t "+n:wlpgWave2Installed?1==confirm(o+"\n\n"+r)&&window.open(s):window.open(s)),isDownloadToWlpgActive=!1,setTimeout(function(){isDownloadToWlpgActive=!0},3e3)},e.doOrderPrints=function(e){function t(){r&&(clearInterval(s),s=null,r.focus())}var n=e,i="windows_live_order_prints",o="width=510,height=230,top=120,channelmode=0,dependent=0,directories=0,fullscreen=0,location=0,menubar=0,resizable=1,scrollbars=1,status=0,toolbar=0",r=window.open(n,i,o),s=setInterval(t,50);$menu.closeAll()},e.getPosition=function(e){var t=0,n=0;if(e){for(var i=e;i;i=i.offsetParent)t+=i.offsetTop,n+=i.offsetLeft;for(i=e.parentNode;i&&i!=document.body;i=i.parentNode)i.scrollTop&&(t-=i.scrollTop),i.scrollLeft&&(n-=i.scrollLeft)}return{left:n,top:t}},e.getViewportDimensions=function(){var e,t,n=document.documentElement,i=document.body;return self.innerHeight&&self.innerWidth?(e=self.innerWidth,t=self.innerHeight):n&&n.clientHeight?(e=n.clientWidth,t=n.clientHeight):i&&(e=i.clientWidth,t=i.clientHeight),{width:e,height:t}},e.setCookie=function(e,t,n,i,o,r){var s;if(n){var a=new Date;a.setTime(a.getTime()),n=1e3*n*60*60*24,s=new Date(a.getTime() <truncated>
File name favicon[1].ico
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
File Size 7886 bytes
File Type MS Windows icon resource - 3 icons, 32x32, 256-colors
MD5 604adfb53677b5ca4f910ffb131b3e7c
SHA1 5f1a0fb4e4ad3707e591ce16352158263488ed70
SHA256 24638331466a52bb66f912090e7a9cc9e3df2236e39c187c9409104526b472b0
CRC32 17ACEE31
Ssdeep 24:i7xEfZFssEcdSsssss9udddSsssssss8VpddddSssssssssss4cddddddysssssF:gu6sOwH0/lO9dL/FLRBwwkKK1V
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name legacy1-1a09fb82[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\legacy1-1a09fb82[1].js
File Size 245923 bytes
File Type ASCII text, with very long lines
MD5 1a09fb82e78a3e21e97d9faffe35e3c7
SHA1 5992e6cfecb671ecdc802924a94e83a151a56ea3
SHA256 771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803
CRC32 C9D1ADD6
Ssdeep 6144:NPoPdrI0N0K6gpStxGroLMIqPvtOndn9mOQ1:ZoPdrSvLMIqPvtOndn9o1
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
define("registernamespace",[],function(){!function(){function e(e){for(var n=0,i=arguments.length;i>n;n++)for(var r=this,o=arguments[n].split("."),a=0,s=o.length;s>a;a++){var l=o[a],c=r[l];c||(c=r[l]={}),c.__namespace||(0===a&&"Sys"!==arguments[n]&&(t.Sys.__rootNamespaces[Sys.__rootNamespaces.length]=c),c.__namespace=!0,c.__typeName=o.slice(0,a+1).join("."),c.getName=function(){return this.__typeName}),r=c}return r}var t=window;t.registerNamespace=e,e("Sys"),t.Sys.__rootNamespaces||(t.Sys.__rootNamespaces=[t.Sys])}()}),define("dependancies",["jquery-1.7.2","debug","validateconfig"],function(){!function(e){var t,n=window;n.Debug;t=n.wLive?n.wLive:n.wLive={},t.Core={},t.Controls={};var i=n.$Config;if(i.handlerBaseUrl=i.handlerBaseUrl||"",!i.sd){var r=document.domain,o=r.split(".");i.sd=1===o.length?"":"."+o[o.length-2]+".com"}i.mkt=i.mkt||"na",i.prop=i.prop||"X","undefined"!=typeof window.SymRealWinOpen&&(window.open=window.SymRealWinOpen)}(window.originaljQuery||jQuery)}),define("truncateellipsis",["dependancies","lightstring"],function(){!function(){var e=window,t=e.wLive;t.truncateEllipsis=function(e,t){return t=Math.max(parseInt(t,10)||1e5,4),e?e.length>t?e.substring(0,t-3)+"...":e:""}}()}),define("bsi",["validateconfig","jquery-1.7.2","cookie"],function(){!function(e){function t(){var t=e(document),i=e(T);t.bind("click",o),t.bind("mousedown",r),t.bind("mouseup",s),t.bind("keydown",l),t.bind("keyup",c),t.bind("touchstart",u),t.bind("touchend",d),ce&&ce.suppressBrowserRightClickMenu&&t.bind("contextmenu",a),ge=1,le.ignoreWindowOnload||(le.useJQueryReady?i.ready(function(){setTimeout(b,0)}):i.bind("load",b)),i.bind("unload",C),ce&&ce.capture&&(te=n())}function n(){var e={sw:screen.width,sh:screen.height,c:screen.colorDepth};return document.documentElement.clientWidth&&(e.bw=document.documentElement.clientWidth,e.bh=document.documentElement.clientHeight),e}function i(){O&&O.href!=H&&(O.href=H,e(O).unbind("mouseout",i),O=0)}function r(e){i(),f(e)}function o(e){2==e.which||N||R||(g(e),ae=!N&&!E&&!B,D=1,p(e.target,null,e),ae=1)}function a(t){if(t.shiftKey)return!0;if(t.target){var n=e(t.target),i=n.closest("a");if(i.length>0){var r=i.attr("href");if(r&&"#"!==r)return!0}var o=n.closest("input");if(o.length>0){var a=o.attr("type");if(a&&"text"==a.toLowerCase())return!0}var s=n.closest("textarea");if(s.length>0)return!0}return!1}function s(e){f(e),(1!=D||N)&&(ae=0,p(e.target,3==D,e),ae=1)}function l(e){93==e.keyCode&&(D=3,p(e.target,1,e))}function c(e){var t=e.keyCode;27!=t&&18!=t&&13!=t||i()}function u(e){i(),W=I()}function d(e){I()-W>1e3&&(ae=0,D=3,p(e.target,null,e),ae=1)}function f(e){D=e.which,g(e)}function g(e){E=e.shiftKey,N=e.ctrlKey,B=e.altKey,R=e.metaKey}function p(e,t,n){for(i();e;){if("A"==e.tagName){var r;try{r=e.href}catch(o){}if(r){if(se.AjaxHistory&&se.AjaxHistory.fullAjax&&-1==r.indexOf("#")){var a;T.$PF&&(a=T.$PF.getAppFrameDocument());var s=a?a.location.href:document.location.href,l=s.indexOf("#");l>-1&&(s=s.substr(0,l));var c=s.indexOf("?");c>-1&&(s=s.substr(0,c)),s+="?",0==r.toLowerCase().indexOf(s)&&(r=e.href="#"+r.substr(s.length))}var u=!1;if($U.isLinkABookmark(r)){var d=$U.getUrlFragment(r);d.indexOf("=")>-1&&(u=!0)}else u=!0;u&&A.informNav(r,0,e,t,null,n)}break}e=e.parentNode}}function h(e){for(var t=J;e&&e.getAttribute;){var n=e.getAttribute("lid");if(n){t=n;break}e=e.parentNode}return t}function v(e){var t=J;if(e)for(var n in e){var i=e[n];i=i.encodeUrl?i.encodeUrl():i,t+=G+n+K+i}return t}function m(){ge&&!le.ignoreWindowOnload&&A.informLoaded(1,1)}function _(){var e="U";return 3==D?e="R":1==D?e="L":2==D&&(e="M"),N&&(e+="C"),B&&(e+="A"),E&&(e+="S"),e}function y(e,t){for(var n in t)e[n]=t[n]}function b(e){fe=1,w()}function w(){fe&&0==de.length&&A.informLoaded()}function C(){S(),i();var t=e(document);t.unbind("click",o),t.unbind("mousedown",r),t.unbind("mouseup",s),t.unbind("keydown",l),t.unbind("keyup",c),t.unbind("touchstart",u),t.unbind("touchend",d);var n=e(T);le.ignoreWindowOnload||n.unbind("load",b),n.unbind("unload",C)}function S(){m(),F||k("U")}function I(){return(new Date).getTime()}function $(e){return(e?e:I())-A.headTime}function k(e,t,n,i){if(ce&&ce.enableLD){var r=e+$(n)+(t?t:J),o=M.getCookie(q,1);if(!o&&!i){var a=M.getCookie(X,1);if(a){var s=parseInt(a);if(!isNaN(s)){re-1>s&&(s=re-1),s>oe&&(s=oe),s>=re&&(ie.splice(0,s+1-re),re=s+1);var l=oe-s;if(l>0){for(oe=s;l-- >0;){var c=oe+1-re;if(c<ie.length){var u=ie[c];if(!k(u.logKey,u.logValue,u.logTime,!0)){A.flush();k(u.logKey,u.logValue,u.logTime,!0)}}oe++}o=M.getCookie(q,1)}}}}var d=P.deserialize(o,V,0,1),f=[le.xid,le.rid,se.di,A.headTime].join("_"),g=d[f];if(g?g+="|"+r:g=r,d[f]=g,o=P.serialize(d,V,1),o.length>512)return 0;i||(ie.push({logKey:e,logValue:t,logTime:n?n:I()}),oe++,M.setCookie(X,oe,$Config.sd,0,new Date(2020,1,1),1)),M.setCookie(q,o,$Config.sd,0,new Date(2020,1,1),1)}return 1}function L(e,t){var n=0,i=e.clone(),r=i.length,o=!1,a=T.$WebWatson;if(a)for(;r>n;n++)o=a.wrapCallback(i[n],0,Array.prototype.slice.call(arguments,1))()||o;return o}var T=window,x=(T.Debug,T.$Beacon),M=T.$Cookie,P=T.$Utility,A=window.$BSI;A.headTime||(A.headTime=(new Date).getTime());var D,N,E,B,R,W,j,F,O,H,U=[],Q=[],q="LD",X="LDH",V="&",z="?",G="~",K=":",J="",Y=".com",Z="-int.com",ee={},te={},ne=!0,ie=[],re=-1,oe=-1,ae=1,se=T.$Config,le=se.BSI,ce=le.BICI,ue=se.sd.endsWith(Z)?Z:Y,de=[],fe=le.ignoreWindowOnload,ge=0;A.informLoaded=function(e,t){if(se=T.$Config,le=se.BSI,ce=le.BICI,document.body.id=le.pn?le.pn.encodeHtmlAttribute():J,A.headTime!=j){var n=I();j=A.headTime,ge=0,de=[],t&&A.addLogParams({x:"1"}),L(U,t),k("L",v(te),n),te={},ce&&ce.beaconUrl&&ne&&x.fire(ce.beaconUrl,ee),ee={}}},A.sendToIdss=function(e){return"undefined"!=typeof e&&(ne=e),ne},A.informPVHead=function(){S(),A.headTime=I(),ge=1},A.addBeaconParams=function(e){y(ee,e)},A.addLogParams=function(e){y(te,e)},A.addLoadedCallback=function(e){U.push(e)},A.removeLoadedCallback=function(e){setTimeout(function(){for(var t=0,n=U.length;n>t;t++)if(U[t]==e)return void U.splice(t,1)},0)},A.isLoading=function(){return ge},A.addNavCallback=function(e){Q.push(e)},A.navigateTo=function(e,t,n){if(n&&(A.currentScenarioObject=n),!A.informNav(e,0,0,0,0,0,0,t))try{t?window.open(e,t):window.location.href=e}catch(i){}},A.addLoadEvent=function(e){ge&&de.push(e)},A.eventLoaded=function(e){for(var t=0,n=de.length;n>t;t++)if(de[t]==e){de.splice(t,1),w();break}},A.addHandlerDPs=function(e){return e.biciPrevious=le.biciPrevious,e.mmn=se.mmn,e},A.addLDToHash=function(e){return e.bicild=M.getCookie(q,1),M.deleteCookie(q,$Config.sd),e},A.informNav=function(t,n,r,o,a,s,l,c){ae=ae&&!a&&(!r||"_blank"!=r.getAttribute("target"));var u=I(),d=r?r.href:0;i(),m(),n=n||h(r),t=t||J;var f=$U.doesMatchHost(t,"live"+ue),g=$U.isAbsoluteUrl(t)&&$U.doesMatchHost(t,"g.live"+ue);if(k("N",G+G+n.encodeUrl()+G+_(),u),F=F||ae,ce&&ce.urlHash){var p=ce.urlHash+u;ce.fid&&(p+=V+ce.fid+V+(ae?"1":"0")+(o?"0":"1")),M.setCookie("LN",p,$Config.sd)}var v=L(Q,t,r,o,ae,f,s,l,c);!v&&$B.IE&&$B.V<8&&"function"==typeof ieImgAnchorFix&&r&&ieImgAnchorFix(r);var y=["WLXID=",le.xid,"&RID=",le.rid,"&TID=",A.headTime,"&lid=",n].join(J);if(g){if(r&&ce&&ce.enableGlinkExtra){var b;b=d.indexOf(z)<0?z+z:d.indexOf(z+z)<0&&d.indexOf(V+V)<0?V+V:V,r.href=d+b+y}}else f||ce&&ce.enableGlinkCall&&x.fireAndHold("//g.live"+Y+"/_9uxp9en-us/mike?"+t.encodeUrl()+V+V+y);return r&&d!=r.href&&(O=r,H=d,3==D?$B.Safari||$B.Firefox||e(r).bind("mouseout",i):setTimeout(i,100)),v},A.reportEvent=function(e,t){var n=G+e+v(t);if(!k("E",n)){A.flush();k("E",n)}},A.flush=function(){ie.splice(0,oe-re+1),re=oe,M.setCookie(X,oe,$Config.sd,0,new Date(2020,1,1),1),x.fire(se.handlerBaseUrl+"/Handlers/NoOp.mvc",A.addLDToHash({}))},t(),$Do.register("$BSI.addNavCallback",A.addNavCallback),$Do.register("$BSI")}(window.originaljQuery||jQuery)}),define("css",["validateconfig","jquery-1.7.2"],function(){!function(e){function t(e){var t=i[e];return t||(i[e]=t=new RegExp("\\b"+e+"\\b","ig")),t}var n=window,i={},r=n.$css={has:function(e,n){var i=!1;if(e&&e.className){var r=t(n);r.lastIndex=0;try{i=r.test(e.className)}catch(o){}}return i},remove:function(e,t){r.swap(e,t)},swap:function(e,n,i){i=i||"",r.has(e,n)&&(e.className=e.classN <truncated>
File name legacy0-e2cc9701[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\legacy0-e2cc9701[1].js
File Size 15637 bytes
File Type ASCII text, with very long lines, with no line terminators
MD5 e2cc970109a12579f63822ea91f6e0e9
SHA1 45ed32981fcb9314b32718f22182e18323142030
SHA256 7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df
CRC32 1D0666A1
Ssdeep 384:ZfWQ2UX5rZt5rL/qL7CVXRhexQ4NPLD4zlaAPizNr78r:kEPeS9PEDwlaAP2Nr6
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
define("debug",[],function(){}),define("lightobject",[],function(){!function(){var w=window,_object=w.Object,_array=w.Array,_jsonDefined="undefined"!=typeof JSON;if(_object.create||(_object.create=function(e){function t(){}return t.prototype=e,new t}),_object.keys||(_object.keys=function(e){var t=[];for(var n in e)_object.prototype.hasOwnProperty.call(e,n)&&t.push(n);return t}),_object.isString||(_object.isString=function(e){return"string"==typeof e||e&&e.constructor===String}),_object.isArray||(_object.isArray=function(e){return e&&"[object Array]"===Object.prototype.toString.call(e)}),_array.isArray||(_array.isArray=function(e){return e&&"[object Array]"===Object.prototype.toString.call(e)}),_object.isFunction||(_object.isFunction=function(e){return"function"==typeof e}),_object.isObject||(_object.isObject=function(e){return e&&"object"==typeof e}),_object.isBoolean||(_object.isBoolean=function(e){return"boolean"==typeof e||e&&e.constructor===Boolean}),_object.isNumber||(_object.isNumber=function(e){return"number"==typeof e||e&&e.constructor===Number}),_object.isNull||(_object.isNull=function(e){return null==e||void 0==e}),_object.fromJSON||(_object.fromJSON=function $Object$fromJSON(text){try{if(_jsonDefined&&JSON.parse)return JSON.parse(text);if(/^[\],:{}\s]*$/.test(text.replace(/\\["\\\/b-u]/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return eval("("+text+")")}catch(e){}return null}),_object.toJSON||(_object.toJSON=function(e,t,n,r,i){if(""===e)return"";if(i&&"string"==typeof e)return e;if(_jsonDefined&&JSON.stringify){var o="";try{o=JSON.stringify(e,t,n)}catch(a){if(!r)throw a;o="Object could not be serialized to JSON."}return o}var c=_object.toJSON,u="null";if(!_object.isNull(e))if(_object.isArray(e)){u=[];for(var s=0;s<e.length;s++)u.push(c(e[s]));u="["+u.join(",")+"]"}else if(_object.isObject(e)){u=[];for(var l in e)u.push('"'+l.encodeJson()+'":'+c(e[l]));u="{"+u.join(",")+"}"}else _object.isString(e)?u='"'+e.encodeJson()+'"':_object.isFunction(e)||(u=e.toString());return u}),_jsonDefined){if(JSON.parse){var originalJSONparse=JSON.parse;JSON.parse=function(e){try{return originalJSONparse.apply(JSON,[e])}catch(t){throw t.message=t.message+"\ninputScript: "+e+" at "+t.stack,t}}}}else window.JSON={parse:_object.fromJSON,stringify:_object.toJSON}}()}),define("lightstring",["debug"],function(){!function(){function e(e,t){for(var n=e.split("."),r=t,i=0;i<n.length;i++)if(r=r[n[i]],"undefined"==typeof r)return null;return r}function t(e,t,n){var r=n.s===t;if(!r){t=t||0;var i,o,a=e.charCodeAt(t);n.s=-1,55296>a||a>57343?n.c=a:56319>=a?(i=a,o=e.charCodeAt(t+1),n.c=1024*(i-55296)+(o-56320)+65536,n.s=t+1):(n.c=-1,r=!0)}return!r}var n=window,r=(n.Debug,n.String.prototype);r.endsWith=function(e){return this.substr(this.length-e.length)==e},r.startsWith=function(e){return this.substr(0,e.length)==e},r.lTrim=function(){return this.replace(/^\s*/,"")},r.rTrim=function(){return this.replace(/\s*$/,"")},r.trim=function(){return this.replace(/^\s+|\s+$/g,"")};var i=/\{\d+\}/g,o=/\{[a-z|A-Z|\.|\$|\:]+\}/g,a=/[\{\}]/g;r.format=function(e){function t(e){var t=n[e.replace(a,"")];return null==t&&(t=""),t}var n=arguments;return this.replace(i,t)},r.itemFormat=function(t,n,r){function i(i){var o,c=i.replace(a,""),u=c.split(":"),s="",l=e(u[0],t);if(null!=l)s=l;else{var f=e(u[0],n);null!=f&&(s=f.apply(this,r))}return 2==u.length&&(o=e(u[1],n)),o?o(s):s}return n=n||{},r=r||[],this.replace(o,i)};var c=/[^\w.,-]/g;r.encodeXmlAttribute=r.encodeHtmlAttribute=function(){return this.replace(c,function(e){return["&#",e.charCodeAt(0),";"].join("")})};var u=/[^\w .,-]/g;r.encodeXml=r.encodeHtml=function(){var e={c:0,s:-1};return this.replace(u,function(n,r,i){return t(i,r,e)?["&#",e.c,";"].join(""):""})};var s=/[^\w.%-]/g;r.encodeURIComponent=r.encodeUrl=function(){return encodeURIComponent(this).replace(s,function(e){var t=e.charCodeAt(0).toString(16);return"%"+(1==t.length?"0"+t:t).toUpperCase()})};var l=/[^\w .,-]/g;r.encodeJson=function(){return this.replace(l,function(e){var t=e.charCodeAt(0).toString(16),n=new Array(4-t.length+1).join("0");return"\\u"+n+t.toUpperCase()})},r.decodeURIComponent=r.decodeUrl=function(){return decodeURIComponent(this)};var f=/([\\\.\{\}\(\)\[\]\/\+\*\?\|\^\$])/gi;r.escapeRegex=function(e){return(0==arguments.length?this:e).replace(f,"\\$1")}}()}),define("lightarray",["jquery-1.7.2","debug"],function(){!function(){var e=window,t=(e.Debug,e.jQuery,e.Array.prototype);t.addRange||(t.addRange=function(e){return e&&this.push.apply(this,e),this}),t.exists||(t.exists=function(e){return this.indexOf(e)>=0}),t.contains||(t.contains=t.exists),t.clone||(t.clone=function(){return[].addRange(this)}),t.indexOf||(t.indexOf=function(e,t){var n=this.length;for((t=t||0)<0&&(t=Math.max(0,n+t));n>t;)if(this[t++]===e)return t-1;return-1}),t.forEach||(t.forEach=function(e,t){for(var n=this.length,r=0;n>r;r++)e.call(t,this[r],r,this)}),t.insert||(t.insert=function(e,t){this.splice(e,0,t)}),t.remove||(t.remove=function(e){var t=this.indexOf(e);return t>=0&&this.splice(t,1),t>=0})}()}),define("defineconfig",[],function(){}),define("validateconfig",["defineconfig"],function(){}),define("utility",["jquery-1.7.2","debug","validateconfig","lightstring"],function(){!function(jQuery){function updateObject(e,t){for(var n in t){var r=e[n],i=t[n];i.constructor==Array?(r&&r.constructor==Array||(r=e[n]=[]),updateObject(r,i)):"object"==typeof i?("object"!=typeof r&&(r=e[n]={}),updateObject(r,i)):e[n]=i}}function evalStringsAndAddScripts(e,t){for(var n=0;n<e.length;n++)$Utility.eval(e[n]);for(n=0;n<t.length;n++)if(t[n]&&""!=t[n]){var r=document.createElement("SCRIPT");r.src=t[n],document.body.appendChild(r)}}var w=window,Debug=window.Debug,_ConstDefaultDeliminator="&",_ConstKeyValueDeliminator="=",$Utility=w.$Utility={};$Utility.eval=function(s){eval(s)},$Utility.deserialize=function(e,t,n,r){var i={};if(t=t||_ConstDefaultDeliminator,e)for(var o=e.split(t),a=o.length,c=0;a>c;c++){var u=o[c],s=u.split(_ConstKeyValueDeliminator);if(s.length>0){var l=s[0].trim();s.splice(0,1);var f=s.join(_ConstKeyValueDeliminator).trim();try{i[l]=r?f:f.decodeUrl()}catch(d){i[l]=""}}}return i},$Utility.serialize=function(e,t,n){t=t||_ConstDefaultDeliminator;var r=[];for(var i in e){var o=e[i];o=null==o?"":o.toString(),r.push(i,_ConstKeyValueDeliminator,n?o:o.encodeUrl(),t)}return r.length>0&&r.pop(),r.join("")},$Utility.updateObject=updateObject;var ajaxInnerHtmlRegex=new RegExp('<script type="text/javascript"( src="([^"]*?)"){0,1}(( loadfirst="true")|( defer="defer")){0,1}( id="[^"]*?"){0,1}>([\\w\\W]*?)</script>',"gim"),debuggerAjaxInnerHtmlRegex=new RegExp("<script","gim");$Utility.ajaxInnerHtml=function(e,t){ajaxInnerHtmlRegex.lastIndex=0;for(var n,r=[],i=[],o=[],a=[],c=[],u=0;n=ajaxInnerHtmlRegex.exec(t);)r.push(t.substring(u,n.index)),n[4]&&""!=n[4]?(a.push(n[7]),c.push(n[2])):(i.push(n[7]),o.push(n[2])),u=ajaxInnerHtmlRegex.lastIndex;r.push(t.substring(u)),evalStringsAndAddScripts(a,c),e.innerHTML=r.join(""),evalStringsAndAddScripts(i,o)},$Utility.generateGuid=function(){var e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(e){var t=Math.floor(16*Math.random()),n="x"==e?t:3&t|8;return n.toString(16)});return e},$Utility.htmlEncodeFormatString=function(e){return e.encodeHtml().replace(new RegExp("&#123;","g"),"{").replace(new RegExp("&#125;","g"),"}")},$Utility.removeQueryParam=function(e,t){var n=e.split("#"),r=n[0].split("?");if(r.length>=2){var o=r[0],a=r[1],c=encodeURIComponent(t.toLowerCase())+"=",u=a.split(/[&;]/g);for(i=u.length-1;i>=0;i--)-1!==u[i].toLowerCase().indexOf(c,0)&&u.splice(i,1);u.length>0?(e=o+"?"+u.join("&"),n.length>1&&(e+="#"+n[1])):e=o}return e}}(window.originaljQuery||jQuery)}),define("utilityextensions",["utility"],function(){!function(e){var t=e("body"),n=e("<span/>").css({borderLeftColor:"red",borderRightColor:"blue",position:"absolute",top:"-999px"}).appendTo(t);$Utility._isHighContrast=n.css("borderLeftColor")===n.css("borderRightColor"),n.remove(),$Utility._isHighContrast&&t.addClass("highContrast"),$Utility.isHighContrast=function(){return $Utility._isHighCont <truncated>
File name user@live[2].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[2].txt
File Size 64 bytes
File Type ASCII text
MD5 4539d3079cbaa925cc01f43b9093e4d3
SHA1 5a2191624f1dd17b53716caabdddc7b2ffe6b4f5
SHA256 b01b7e6e638e728544877111dc8c7b17afefd9d17478c061e77853108c1ee14c
CRC32 2C7C73F2
Ssdeep 3:vpqMLJUQ2SrTJhgGkVdvcD:vEMWXMfgpvcD
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
wla42

live.com/
1536
3057171584
30764346
2217790064
30762966
*
File name user@live[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@live[1].txt
File Size 131 bytes
File Type ASCII text
MD5 28b365658edbcc4f7c02f030ddcc600f
SHA1 585198eb1c21f227b5c48f57a9bdcefd88171a95
SHA256 21a109d89ecff52e1202ccb6e58f76446858ad21fb89ba0ebd5c5e28df94bdfe
CRC32 B73FC8AC
Ssdeep 3:vpqMLJUQ2SrTJhgGkVdvcB/GJJUQ2IVDzkkV5JWFD:vEMWXMfgpvcBWaXoDzkkMFD
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
wla42

live.com/
1536
3057171584
30764346
2217790064
30762966
*
mkt
en-GB
live.com/
1536
1401405440
30836485
2218880064
30762966
*
File name clientstring[1].mvc
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\clientstring[1].mvc
File Size 981 bytes
File Type ASCII text, with very long lines
MD5 ea74589fa749c2e9a519847fd934b777
SHA1 69f7121a2c7a2da3c883b848ea63183ab9ca456f
SHA256 b5c4714b301e093906f234eab48c04f9d263299c9cd84dbc119ed81ff004049a
CRC32 FC8F13E5
Ssdeep 24:2MPzv1g43a3umg57o+nIDS0o/sHxHL9eLso3nFn:9ryqALLDHo/sHb3cFn
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
(function () {window.GetString = function(s){var rootObject = this, parts = s.toLowerCase( ).split('.'), iCount = parts.length;for (var i = 0; i < iCount; i++){var currentPart = parts[i];rootObject = rootObject[currentPart];if (rootObject == null){return '';}}return typeof (rootObject) == "object" ? rootObject.___str : rootObject.toString();}
var lKMu = window.live=window.live||{};var Uirk=lKMu.shared=lKMu.shared||{};var pkMS=Uirk.strings=Uirk.strings||{};var VyLS=pkMS.languagepicker=pkMS.languagepicker||{};var oWhQ=VyLS.client=VyLS.client||{};oWhQ["close"]="Close";var wbKU=oWhQ.error=oWhQ.error||{};wbKU["loading"]="We're unable to display the list of languages at this time.";wbKU["saving"]="We're unable to change your language settings at this time.  ";oWhQ["languagelinkarialabel"]="Change Language";oWhQ["loading"]="Loading";oWhQ["save"]="Save";oWhQ["saving"]="Saving";oWhQ["title"]="Language";window.$Do && window.$Do.register("ale_wlive");})();window.ale_wlive=true;
File name Web Slice Gallery~.feed-ms
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
File Size 28672 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d4cc7ce677b6ab7b521a1659aed301c8
SHA1 e1f036a56474983c11b5369dc6d46f158b0d4e0e
SHA256 3e23031a2b91f47683115473ce73964a196b68405153b815af14f7bde5032586
CRC32 E843F4D5
Ssdeep 12:Jw77mFQCb777777777777777777777777777777/FJl8vbf+8Gc7777777777777:Jsbf+8/2As4WYiit
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 077eb5d924c84ec41447ad7795b38734
SHA1 e3b4793862bb370db5ddd3cb5e607034172336e1
SHA256 06813b4ee292b191c05cb15febfba874e7f4caac47a8c3081041a20880708209
CRC32 E2F624C0
Ssdeep 48:q3xbTpYVfruSYufruXYsfAjYmeKZ6MYCI:qZTuVfrutufruIsfAc26Lv
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name {BE2603A1-D3AD-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE2603A1-D3AD-11E9-8662-000C2940B9FB}.dat
File Size 6144 bytes
File Type Composite Document File V2 Document, No summary info
MD5 a3a4f73e5f2aab6a7b273ec8d3fec452
SHA1 847966b7ae528922570dd46f354fba1f52324336
SHA256 351b26995c9fbe60d3254dec239cb6b57ff10ccebaa7c10abaad57170ead2f02
CRC32 1864C929
Ssdeep 48:rpxFGVDUqDy0gfcFHafUsJfUfgfURfU4qHafUfgi:VgQqDy8F5sCfD6d5L
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name RecoveryStore.{BE2603A0-D3AD-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE2603A0-D3AD-11E9-8662-000C2940B9FB}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, No summary info
MD5 056f37d454d7c8800d55e00a757fc998
SHA1 328bbe9560fa9bac1b780b4863cc4ea075120532
SHA256 a6d0155832868138ac39a2ef1d85ef1ee7ed67dfba34afbd0140dfeca7c3dd45
CRC32 2B00F9F5
Ssdeep 12:rl0YmGF245drEg5+IaCrI017+FZDrEgmf+IaCy8qgQNlTq1tt0V0ltTh0lt:rIQd5/OGv/TQNlW1tjTy
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 35706a30aef44efd95d54b627a548a5f
SHA1 911474bb51cf625768cfce23e5ba09ee2c141c00
SHA256 8e2064d68899382e7e7a31adf0947ecb09cea7433fc5deafab1b208e1189d554
CRC32 B028CB6C
Ssdeep 12:qjnpu3JYEqT22dgfAIJ3S9d9jVGe3XiWYEZB22dgfAIJ3S9d9jVG:qjn2YPeO9d9jVGAiWYGBeO9d9jVG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 97d1439a471a354b5ada50dea4cb20dc
SHA1 934b8d3cf66290ce7ef529c9384b7e9edce56bae
SHA256 3d19769d6a4241e52ce4600f2ddd90e65983834b96c2fd7b87cd941369375e81
CRC32 150447DE
Ssdeep 48:qIPLf/ZJvH+6fnRqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qIPb/Z1eCq0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 ae5fe8a18bb2f53a942ea745873e77b9
SHA1 08d2b475527791f0dba46510bb5833ec22b455be
SHA256 e3d26ab0807a0529e31645c4bc7796ebaa8bd6fd2eabe8a6432c5a94ffe90091
CRC32 BAF441C1
Ssdeep 384:an1w1xBNPUas3dg3skdVQnQeW+4fTJ16ziXrAsjfCt82jNJ03L:cwgaVdBr/f0Z
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
Sorry! No CAPE files.
Process Name iexplore.exe
PID 1856
Dump Size 666112 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE imageexecutable
MD5 4d5ac88402169ded89f2c2d7ee87dec1
SHA1 d52f41c302840ce2f843bbdc592c8a210549adea
SHA256 bc0e42c7930c58461379e9a1d2904b321303a36544eff8e494c0b0057e577696
CRC32 4CAF7F6C
Ssdeep 12288:oPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+Y:sE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename bc0e42c7930c58461379e9a1d2904b321303a36544eff8e494c0b0057e577696
Download
Process Name explorer.exe
PID 1632
Dump Size 2871808 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 d80a833d2e8173ca02e4116895092e4c
SHA1 f71a877f0a4b60094daa140d988e97774dca1861
SHA256 b396d0cb3f686954d57a0424c03042ff70417e4ffc67ab1d8bb907cb0314e7de
CRC32 DDBB908C
Ssdeep 49152:JxrceI/lIRYraisQhFCUuNvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:DrcPlIW0vYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename b396d0cb3f686954d57a0424c03042ff70417e4ffc67ab1d8bb907cb0314e7de
Download

Comments



No comments posted

Processing ( 18.392 seconds )

  • 10.014 Static
  • 2.95 CAPE
  • 2.323 ProcDump
  • 1.911 BehaviorAnalysis
  • 0.668 Dropped
  • 0.358 Deduplicate
  • 0.162 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 1.423 seconds )

  • 0.577 antidbg_windows
  • 0.106 antiav_detectreg
  • 0.092 stealth_timeout
  • 0.061 api_spamming
  • 0.038 infostealer_ftp
  • 0.036 virtualcheck_js
  • 0.03 antivm_vbox_window
  • 0.027 heapspray_js
  • 0.024 antivm_generic_scsi
  • 0.023 antisandbox_script_timer
  • 0.022 antianalysis_detectreg
  • 0.022 infostealer_im
  • 0.015 mimics_filetime
  • 0.014 Doppelganging
  • 0.014 infostealer_mail
  • 0.013 antivm_generic_services
  • 0.012 antivm_generic_disk
  • 0.011 bootkit
  • 0.011 recon_programs
  • 0.011 antivm_vbox_keys
  • 0.01 virus
  • 0.009 ransomware_files
  • 0.008 InjectionCreateRemoteThread
  • 0.008 antiav_detectfile
  • 0.007 dridex_behavior
  • 0.007 injection_createremotethread
  • 0.007 antivm_vmware_keys
  • 0.006 js_phish
  • 0.006 InjectionProcessHollowing
  • 0.006 kibex_behavior
  • 0.006 ransomware_message
  • 0.006 injection_runpe
  • 0.005 uac_bypass_eventvwr
  • 0.005 stack_pivot
  • 0.005 betabot_behavior
  • 0.005 dynamic_function_loading
  • 0.005 hancitor_behavior
  • 0.005 antivm_parallels_keys
  • 0.005 antivm_xen_keys
  • 0.005 geodo_banking_trojan
  • 0.005 darkcomet_regkeys
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_extensions
  • 0.005 recon_fingerprint
  • 0.004 malicious_dynamic_function_loading
  • 0.004 InjectionInterProcess
  • 0.004 exploit_heapspray
  • 0.004 antiemu_wine_func
  • 0.004 stealth_network
  • 0.004 infostealer_browser_password
  • 0.004 persistence_autorun
  • 0.004 kovter_behavior
  • 0.003 antivm_vbox_libs
  • 0.003 antidebug_guardpages
  • 0.003 angler_js
  • 0.003 exploit_getbasekerneladdress
  • 0.003 ipc_namedpipe
  • 0.003 java_js
  • 0.003 vawtrak_behavior
  • 0.003 silverlight_js
  • 0.003 securityxploded_modules
  • 0.003 antivm_generic_diskreg
  • 0.003 antivm_vbox_files
  • 0.003 antivm_vpc_keys
  • 0.002 sets_autoconfig_url
  • 0.002 exploit_gethaldispatchtable
  • 0.002 PlugX
  • 0.002 InjectionSetWindowLong
  • 0.002 antianalysis_detectfile
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 andromeda_behavior
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 disables_spdy
  • 0.001 rat_nanocore
  • 0.001 browser_scanbox
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 modifies_desktop_wallpaper
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 EvilGrab
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 uac_bypass_cmstp
  • 0.001 disables_wfp
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 js_suspicious_redirect
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vmware_files
  • 0.001 bypass_firewall
  • 0.001 ie_martian_children
  • 0.001 network_torgateway
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 recon_checkip
  • 0.001 remcos_regkeys

Reporting ( 0.018 seconds )

  • 0.018 CompressResults
Task ID 90336
Mongo ID 5d776e60fba1250759e5b36d
Cuckoo release 1.3-CAPE
Delete