分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2019-09-20 21:23:09 2019-09-20 21:25:23 134 秒

魔盾分数

10.0

危险的

文件详细信息

文件名 csrss.exe
文件大小 876544 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c0707273b7916a1e62665bdb44b9c65f
SHA1 e913907a859359a6ccc37937bf74df19a5ab7f9a
SHA256 5bf1b8b8a5a1f4b0a17acfd44f33038b93a0ab020c91f252a56d6f58056a0bab
SHA512 4e294affc8d0c48da61ff743c62a848841ba5685b6cfdb483ba90d61aad9f7eb3057b9d469f0838287d03df16ba932ab109f3d1a123fc3e43c1df296f8fc7d67
CRC32 AE944519
Ssdeep 12288:hAcHA4u8XlhYkjtZ7odnLHhyGqfH99k9s7zncjGij90X4D:hAcHAMlhYGtRodnLhDqv9dznEGX4D
Yara
  • Detected timing ticks function
  • Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
样本下载 提交误报

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
51.143.111.81 未知 英国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
watson.microsoft.com CNAME legacy.umwatson.trafficmanager.net
A 51.143.111.81

摘要

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\D3DCompiler_42.dll
C:\Windows\System32\D3DCompiler_42.dll
C:\Windows\system\D3DCompiler_42.dll
C:\Windows\D3DCompiler_42.dll
C:\ProgramData\Oracle\Java\javapath\D3DCompiler_42.dll
C:\Windows\System32\wbem\D3DCompiler_42.dll
C:\Windows\System32\WindowsPowerShell\v1.0\D3DCompiler_42.dll
C:\Program Files (x86)\WinRAR\D3DCompiler_42.dll
C:\Users\test\AppData\Local\Temp\dwmapi.dll
C:\Windows\Resources\Themes\aero.theme
C:\Windows\SysWOW64\shell32.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Caches
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000052.db
C:\Users\test\Desktop\desktop.ini
C:\Windows\System32\rundll32.exe
C:\Windows\System32\shell32.dll
\??\MountPointManager
C:\Users\test\AppData\Local\Temp\user32.dll
C:\Users\test\AppData\Local\Temp\kernel32.dll
C:\Users\test\AppData\Local\Temp\kernel32.DLL
C:\Users\test\AppData\Local\Temp\shlwapi.dll
C:\Windows\Fonts\msyhbd.ttc
C:\Windows\Fonts\msyhbd.ttf
C:\Users\test\AppData\Local\Temp
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Temp\sc.*
C:\Users\test\AppData\Local\Temp\sc
C:\ProgramData\Oracle\Java\javapath\sc.*
C:\ProgramData\Oracle\Java\javapath\sc
C:\Windows\System32\sc.*
C:\Windows\System32\sc.COM
C:\Windows\System32\sc.exe
C:\Users\test\AppData\Local\Temp\net.*
C:\Users\test\AppData\Local\Temp\net
C:\ProgramData\Oracle\Java\javapath\net.*
C:\ProgramData\Oracle\Java\javapath\net
C:\Windows\System32\net.*
C:\Windows\System32\net.COM
C:\Windows\System32\net.exe
C:\Windows\System32\shell32.dll.manifest
C:\Windows\System32\shell32.dll.123.Manifest
\Device\KsecDD
C:\Windows\System32\desk.cpl
C:\Windows\System32\desk.cpl.manifest
C:\Windows\System32\desk.cpl.123.Manifest
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\System32\
C:\Windows\SysWOW64\desk.cpl
C:\Windows
C:\Windows\System32
C:\Windows\System32\*.*
C:\Windows\Resources\Themes
C:\Windows\resources
C:\Windows\resources\*
C:\Windows\resources\Ease of Access Themes\*.theme
C:\Windows\resources\Ease of Access Themes\basic.theme
C:\Windows\resources\Ease of Access Themes\classic.theme
C:\Windows\resources\Ease of Access Themes\hc1.theme
C:\Windows\resources\Ease of Access Themes\hc2.theme
C:\Windows\resources\Ease of Access Themes\hcblack.theme
C:\Windows\resources\Ease of Access Themes\hcwhite.theme
C:\Windows\resources\Themes\*.theme
C:\Windows\resources\Themes\aero.theme
C:\Windows\resources\Themes\architecture.theme
C:\Windows\resources\Themes\characters.theme
C:\Windows\resources\Themes\landscapes.theme
C:\Windows\resources\Themes\nature.theme
C:\Windows\resources\Themes\scenes.theme
C:\Users\test\AppData\Local\Microsoft\Windows\Themes\*
C:\Users\test\AppData\Local\Microsoft\Windows\Themes\Custom.theme
C:\Windows\Globalization\MCT\MCT-CN\Theme\CN.theme
C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Windows\SysWOW64\mmres.dll
C:\Windows\Cursors\aero_arrow.cur
C:\Windows\Cursors\aero_helpsel.cur
C:\Windows\Cursors\aero_link.cur
C:\Windows\Cursors\aero_working.ani
C:\Windows\Cursors\aero_busy.ani
C:\Windows\Cursors\aero_pen.cur
C:\Windows\Cursors\aero_unavail.cur
C:\Windows\Cursors\aero_ns.cur
C:\Windows\Cursors\aero_ew.cur
C:\Windows\Cursors\aero_nwse.cur
C:\Windows\Cursors\aero_nesw.cur
C:\Windows\Cursors\aero_move.cur
C:\Windows\Cursors\aero_up.cur
C:\Windows\System32\*.CPL
C:\Windows\sysnative\appwiz.cpl
C:\Windows\sysnative\bthprops.cpl
C:\Windows\sysnative\desk.cpl
C:\Windows\sysnative\Firewall.cpl
C:\Windows\sysnative\FlashPlayerCPLApp.cpl
C:\Windows\sysnative\hdwwiz.cpl
C:\Windows\sysnative\inetcpl.cpl
C:\Windows\sysnative\infocardcpl.cpl
C:\Windows\sysnative\intl.cpl
C:\Windows\sysnative\irprops.cpl
C:\Windows\sysnative\joy.cpl
C:\Windows\sysnative\main.cpl
C:\Windows\sysnative\mmsys.cpl
C:\Windows\sysnative\ncpa.cpl
C:\Windows\sysnative\powercfg.cpl
C:\Windows\sysnative\sysdm.cpl
C:\Windows\sysnative\telephon.cpl
C:\Windows\sysnative\timedate.cpl
C:\Windows\sysnative\wscui.cpl
C:\Program Files (x86)\Microsoft Office\Office14\MLCFG32.CPL
C:\Windows\sysnative\MLCFG32.CPL
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\FlashPlayerCPLApp.cpl
C:\Windows\SysWOW64\netmsg.dll
C:\Windows\Temp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
C:\Windows\ServiceProfiles\NetworkService
C:\Windows\Fonts\staticcache.dat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ndpsetup.bat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ndpsetup.bat
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\shell32.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000052.db
C:\Users\test\Desktop\desktop.ini
C:\Windows\System32\rundll32.exe
C:\Windows\System32\shell32.dll
C:\Windows\System32\shell32.dll.123.Manifest
\Device\KsecDD
C:\Windows\System32\desk.cpl
C:\Windows\System32\desk.cpl.123.Manifest
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\System32\
C:\Windows\resources\Ease of Access Themes\basic.theme
C:\Windows\resources\Ease of Access Themes\classic.theme
C:\Windows\resources\Ease of Access Themes\hc1.theme
C:\Windows\resources\Ease of Access Themes\hc2.theme
C:\Windows\resources\Ease of Access Themes\hcblack.theme
C:\Windows\resources\Ease of Access Themes\hcwhite.theme
C:\Windows\resources\Themes\aero.theme
C:\Windows\resources\Themes\architecture.theme
C:\Windows\resources\Themes\characters.theme
C:\Windows\resources\Themes\landscapes.theme
C:\Windows\resources\Themes\nature.theme
C:\Windows\resources\Themes\scenes.theme
C:\Users\test\AppData\Local\Microsoft\Windows\Themes\Custom.theme
C:\Windows\Globalization\MCT\MCT-CN\Theme\CN.theme
C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Windows\SysWOW64\mmres.dll
C:\Windows\Cursors\aero_arrow.cur
C:\Windows\Cursors\aero_helpsel.cur
C:\Windows\Cursors\aero_link.cur
C:\Windows\Cursors\aero_working.ani
C:\Windows\Cursors\aero_busy.ani
C:\Windows\Cursors\aero_pen.cur
C:\Windows\Cursors\aero_unavail.cur
C:\Windows\Cursors\aero_ns.cur
C:\Windows\Cursors\aero_ew.cur
C:\Windows\Cursors\aero_nwse.cur
C:\Windows\Cursors\aero_nesw.cur
C:\Windows\Cursors\aero_move.cur
C:\Windows\Cursors\aero_up.cur
C:\Windows\Resources\Themes\aero.theme
C:\Windows\SysWOW64\netmsg.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\csrss.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CLASSES_ROOT\.theme
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\(Default)
HKEY_CLASSES_ROOT\.theme\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.theme\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.theme
HKEY_CLASSES_ROOT\themefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.theme
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.theme
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\DropTarget
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.fxp
HKEY_CLASSES_ROOT\.gadget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gadget\(Default)
HKEY_CLASSES_ROOT\.grp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.grp\(Default)
HKEY_CLASSES_ROOT\.hlp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp\(Default)
HKEY_CLASSES_ROOT\.hta
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hta\(Default)
HKEY_CLASSES_ROOT\.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\(Default)
HKEY_CLASSES_ROOT\.ins
HKEY_CLASSES_ROOT\.isp
HKEY_CLASSES_ROOT\.its
HKEY_CLASSES_ROOT\.js
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\(Default)
HKEY_CLASSES_ROOT\.jse
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.JSE\(Default)
HKEY_CLASSES_ROOT\.ksh
HKEY_CLASSES_ROOT\.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)
HKEY_CLASSES_ROOT\.mad
HKEY_CLASSES_ROOT\.maf
HKEY_CLASSES_ROOT\.mag
HKEY_CLASSES_ROOT\.mam
HKEY_CLASSES_ROOT\.maq
HKEY_CLASSES_ROOT\.mar
HKEY_CLASSES_ROOT\.mas
HKEY_CLASSES_ROOT\.mat
HKEY_CLASSES_ROOT\.mau
HKEY_CLASSES_ROOT\.mav
HKEY_CLASSES_ROOT\.maw
HKEY_CLASSES_ROOT\.mcf
HKEY_CLASSES_ROOT\.mda
HKEY_CLASSES_ROOT\.mdb
HKEY_CLASSES_ROOT\.mde
HKEY_CLASSES_ROOT\.mdt
HKEY_CLASSES_ROOT\.mdw
HKEY_CLASSES_ROOT\.mdz
HKEY_CLASSES_ROOT\.msc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msc\(Default)
HKEY_CLASSES_ROOT\.msh
HKEY_CLASSES_ROOT\.mshxml
HKEY_CLASSES_ROOT\.msi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msi\(Default)
HKEY_CLASSES_ROOT\.msp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msp\(Default)
HKEY_CLASSES_ROOT\.mst
HKEY_CLASSES_ROOT\.ops
HKEY_CLASSES_ROOT\.pcd
HKEY_CLASSES_ROOT\.pif
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif\(Default)
HKEY_CLASSES_ROOT\.pl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pl\(Default)
HKEY_CLASSES_ROOT\.prf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.prf\(Default)
HKEY_CLASSES_ROOT\.prg
HKEY_CLASSES_ROOT\.pst
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pst\(Default)
HKEY_CLASSES_ROOT\.reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\(Default)
HKEY_CLASSES_ROOT\.scf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scf\(Default)
HKEY_CLASSES_ROOT\.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr\(Default)
HKEY_CLASSES_ROOT\.sct
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sct\(Default)
HKEY_CLASSES_ROOT\.shb
HKEY_CLASSES_ROOT\.shs
HKEY_CLASSES_ROOT\.tmp
HKEY_CLASSES_ROOT\.url
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)
HKEY_CLASSES_ROOT\.vb
HKEY_CLASSES_ROOT\.vbe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.VBE\(Default)
HKEY_CLASSES_ROOT\.vbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\(Default)
HKEY_CLASSES_ROOT\.vsmacros
HKEY_CLASSES_ROOT\.ws
HKEY_CLASSES_ROOT\.wsc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wsc\(Default)
HKEY_CLASSES_ROOT\.wsf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSF\(Default)
HKEY_CLASSES_ROOT\.wsh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSH\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\EditFlags
HKEY_CLASSES_ROOT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\EditFlags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\ExecutableTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\rundll32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\rundll32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\themefile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\ddeexec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\NoWorkingDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Legacy CPL Map\desk.cpl\@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Themes\aero.theme"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Legacy CPL Map\desk.cpl
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\desk.cpl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\Desk
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\InstalledThemes\MCT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\CurrentTheme
HKEY_CURRENT_USER\Software\Microsoft\Plus!\Themes\Current
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\TileWallpaper
HKEY_CURRENT_USER\Control Panel\Desktop\WallpaperStyle
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ScreenSavers
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE
HKEY_CURRENT_USER\Control Panel\Appearance\Schemes
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\SelectedStyle
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\AAF68885
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-854
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\SelectedSize
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-2019
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon Size
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Small Icon Size
HKEY_CURRENT_USER\Control Panel\Colors
HKEY_CURRENT_USER\Control Panel\Colors\MenuHilight
HKEY_CURRENT_USER\Control Panel\Colors\MenuBar
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\Current Settings
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\0\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-850
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\1\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-851
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\2\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-852
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\3\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-853
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Flat Menus
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #6
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #7
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #8
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #9
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #6
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #7
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #8
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #9
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #10
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #11
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #12
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #13
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #14
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #15
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #16
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #17
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #18
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #19
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #20
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #21
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #22
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #23
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #24
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #25
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #26
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #27
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #28
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #29
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #30
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Contrast
HKEY_CURRENT_USER\AppEvents\Schemes
HKEY_CURRENT_USER\AppEvents\Schemes\(Default)
HKEY_CURRENT_USER\AppEvents\Schemes\Names\.Default
HKEY_CURRENT_USER\AppEvents\Schemes\Names\.Default\(Default)
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@mmres.dll,-800
HKEY_CURRENT_USER\AppEvents\Schemes\Names
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\ThemeChangesDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon\full
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon\empty
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\ThemeChangesMousePointers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Personalization
HKEY_CURRENT_USER\Control Panel\Cursors
HKEY_CURRENT_USER\Control Panel\Cursors\Arrow
HKEY_CURRENT_USER\Control Panel\Cursors\Help
HKEY_CURRENT_USER\Control Panel\Cursors\Hand
HKEY_CURRENT_USER\Control Panel\Cursors\AppStarting
HKEY_CURRENT_USER\Control Panel\Cursors\Wait
HKEY_CURRENT_USER\Control Panel\Cursors\NWPen
HKEY_CURRENT_USER\Control Panel\Cursors\No
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNS
HKEY_CURRENT_USER\Control Panel\Cursors\SizeWE
HKEY_CURRENT_USER\Control Panel\Cursors\Crosshair
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Default
HKEY_CURRENT_USER\Control Panel\Cursors\IBeam
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNWSE
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNESW
HKEY_CURRENT_USER\Control Panel\Cursors\SizeAll
HKEY_CURRENT_USER\Control Panel\Cursors\UpArrow
HKEY_CURRENT_USER\Control Panel\Cursors\Link
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Legacy CPL Map\Microsoft.Personalization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\StartupPage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\rundll32.exe
HKEY_CLASSES_ROOT\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_CURRENT_USER\Control Panel\MMCPL
HKEY_CURRENT_USER\Control Panel\don't load
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\don't load
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\don't load\FlashPlayerCPLApp.cpl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Control Panel\CPLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\CPLs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\don't load\MLCFG32.CPL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder (Wow64)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder (Wow64)\Presentation LCID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder (Wow64)\Presentation Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanelWOW64\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ControlPanelWOW64\NameSpace\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ControlPanelWOW64\NameSpace\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}\SuppressionPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanelWOW64\NameSpace
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanelWOW64\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanelWOW64\NameSpace\DelegateFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ControlPanelWOW64\NameSpace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ControlPanelWOW64\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
HKEY_CLASSES_ROOT\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\SortOrderIndex
HKEY_CLASSES_ROOT\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowWizardsTEST
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\ShowWizardsTEST
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\System.ApplicationName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\{F29F85E0-4FF9-1068-AB91-08002B27B3D9} 18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\System.Software.AppId
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\System.ApplicationName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\DoNotUnload
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\DoNotUnload\desk.cpl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_USERS\S-1-5-19
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\Volatile Environment
HKEY_USERS\S-1-5-19\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\WOW64
HKEY_USERS\S-1-5-20
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-20\Environment
HKEY_USERS\S-1-5-20\Volatile Environment
HKEY_USERS\S-1-5-20\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\SystemCritical
HKEY_CURRENT_USER\Software\Classes
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe
HKEY_USERS\.DEFAULT\Control Panel\International
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceMain
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Environment
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Volatile Environment
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\Composition
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\UseDPIScaling
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\AnimationsShiftKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\DisableDynamicShutdownUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\DisableLockingMemory
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DWM
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\DWM
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\LastDisqualifiedCompositionSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGenServiceDebugLog
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client\Install
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DefaultVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ZapSet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGENService\State
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN32\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN32\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenServiceDebugLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DefaultVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\ZapSet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN64\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN64\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.theme\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.theme
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gadget\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.grp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hta\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.JSE\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msc\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msi\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.prf\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pst\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scf\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sct\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.VBE\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wsc\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSF\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSH\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\ExecutableTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\NoWorkingDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\CurrentTheme
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Control Panel\Desktop\TileWallpaper
HKEY_CURRENT_USER\Control Panel\Desktop\WallpaperStyle
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\SelectedStyle
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-854
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\SelectedSize
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-2019
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon Size
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Small Icon Size
HKEY_CURRENT_USER\Control Panel\Colors\MenuHilight
HKEY_CURRENT_USER\Control Panel\Colors\MenuBar
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\0\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-850
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\1\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-851
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\2\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-852
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\3\DisplayName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-853
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Flat Menus
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Font #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #6
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #7
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #8
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Size #9
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #0
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #1
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #2
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #3
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #4
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #5
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #6
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #7
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #8
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #9
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #10
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #11
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #12
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #13
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #14
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #15
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #16
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #17
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #18
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #19
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #20
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #21
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #22
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #23
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #24
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #25
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #26
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #27
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #28
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #29
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Color #30
HKEY_CURRENT_USER\Control Panel\Appearance\New Schemes\4\Sizes\0\Contrast
HKEY_CURRENT_USER\AppEvents\Schemes\(Default)
HKEY_CURRENT_USER\AppEvents\Schemes\Names\.Default\(Default)
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@mmres.dll,-800
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\ThemeChangesDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon\full
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon\empty
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\ThemeChangesMousePointers
HKEY_CURRENT_USER\Control Panel\Cursors\Arrow
HKEY_CURRENT_USER\Control Panel\Cursors\Help
HKEY_CURRENT_USER\Control Panel\Cursors\Hand
HKEY_CURRENT_USER\Control Panel\Cursors\AppStarting
HKEY_CURRENT_USER\Control Panel\Cursors\Wait
HKEY_CURRENT_USER\Control Panel\Cursors\NWPen
HKEY_CURRENT_USER\Control Panel\Cursors\No
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNS
HKEY_CURRENT_USER\Control Panel\Cursors\SizeWE
HKEY_CURRENT_USER\Control Panel\Cursors\Crosshair
HKEY_CURRENT_USER\Control Panel\Cursors\IBeam
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNWSE
HKEY_CURRENT_USER\Control Panel\Cursors\SizeNESW
HKEY_CURRENT_USER\Control Panel\Cursors\SizeAll
HKEY_CURRENT_USER\Control Panel\Cursors\UpArrow
HKEY_CURRENT_USER\Control Panel\Cursors\Link
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\StartupPage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\don't load\FlashPlayerCPLApp.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\don't load\MLCFG32.CPL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder (Wow64)\Presentation LCID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Controls Folder (Wow64)\Presentation Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ControlPanelWOW64\NameSpace\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\SortOrderIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowWizardsTEST
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\ShowWizardsTEST
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\System.ApplicationName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4299124F-F2C3-41B4-9C73-9236B2AD0E8F}\{F29F85E0-4FF9-1068-AB91-08002B27B3D9} 18
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Control Panel\DoNotUnload\desk.cpl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\RequiredPrivileges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted\SystemCritical
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceMain
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\Composition
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\UseDPIScaling
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\AnimationsShiftKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\DisableDynamicShutdownUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\DisableLockingMemory
HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM\LastDisqualifiedCompositionSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGenServiceDebugLog
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client\Install
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DefaultVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ZapSet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenServiceDebugLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DefaultVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\ZapSet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-854
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-2019
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-850
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-851
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-852
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@themeui.dll,-853
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@mmres.dll,-800
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.VirtualProtect
kernel32.dll.LoadLibraryA
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.IsBadReadPtr
kernel32.dll.GetProcessHeap
kernel32.dll.FreeLibrary
kernel32.dll.HeapFree
kernel32.dll.HeapAlloc
kernel32.dll.HeapReAlloc
d3d11.dll.D3D11CreateDeviceAndSwapChain
dwmapi.dll.DwmIsCompositionEnabled
ole32.dll.OleInitialize
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteDWORD
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
propsys.dll.PSPropertyBag_ReadDWORD
comctl32.dll.#320
ole32.dll.StringFromGUID2
comctl32.dll.#324
comctl32.dll.#323
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
propsys.dll.PSPropertyBag_ReadBSTR
propsys.dll.PSPropertyBag_ReadStrAlloc
shell32.dll.#102
advapi32.dll.OpenThreadToken
ole32.dll.CoInitializeEx
ole32.dll.CoCreateInstance
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#328
comctl32.dll.#334
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#339
ole32.dll.CoUninitialize
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
propsys.dll.#430
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegGetValueW
advapi32.dll.RegCloseKey
ole32.dll.CoTaskMemRealloc
ole32.dll.CoAllowSetForegroundWindow
advapi32.dll.SaferiIsExecutableFileType
advapi32.dll.SaferGetPolicyInformation
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ntdll.dll.RtlDllShutdownInProgress
comctl32.dll.#329
ole32.dll.OleUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
oleaut32.dll.#500
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.CloseHandle
user32.dll.FindWindowA
user32.dll.ClientToScreen
user32.dll.GetClientRect
kernel32.dll.Module32First
kernel32.dll.Module32Next
kernel32.dll.OpenProcess
kernel32.dll.WriteProcessMemory
shlwapi.dll.StrToInt64ExA
kernel32.dll.VirtualQueryEx
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
shell32.dll.Control_RunDLLW
apphelp.dll.ApphelpCheckExe
desk.cpl.CPlApplet
comctl32.dll.InitCommonControls
comctl32.dll.#381
comctl32.dll.#341
comctl32.dll.CreatePropertySheetPageW
uxtheme.dll.#1
winsta.dll.WinStationIsSessionRemoteable
advapi32.dll.RegEnumValueW
propsys.dll.PSPropertyBag_WriteStr
propsys.dll.PropVariantChangeType
ole32.dll.PropVariantClear
oleaut32.dll.#7
uxtheme.dll.IsCompositionActive
uxtheme.dll.GetCurrentThemeName
oleaut32.dll.#9
user32.dll.IsProcessDPIAware
advapi32.dll.RegEnumKeyExW
comctl32.dll.#336
advapi32.dll.GetUserNameW
propsys.dll.PSGetNameFromPropertyKey
propsys.dll.PSStringFromPropertyKey
ole32.dll.CoCreateGuid
propsys.dll.VariantToString
slc.dll.SLGetWindowsInformationDWORD
comctl32.dll.#327
cryptsp.dll.CryptReleaseContext
rpcrt4.dll.I_RpcSNCHOption
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.ControlService
sechost.dll.CloseServiceHandle
sechost.dll.StartServiceW
sechost.dll.QueryServiceStatus
kernel32.dll.FlsGetValue
ole32.dll.CoInitializeSecurity
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
uxsms.dll.ServiceMain
uxsms.dll.SvchostPushServiceGlobals
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
wtsapi32.dll.WTSEnumerateSessionsW
winsta.dll.WinStationEnumerateW
advapi32.dll.CreateWellKnownSid
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall3
rpcrt4.dll.RpcBindingFree
winsta.dll.WinStationFreeMemory
wtsapi32.dll.WTSQueryUserToken
winsta.dll.WinStationQueryInformationW
userenv.dll.CreateEnvironmentBlock
sspicli.dll.GetUserNameExW
advapi32.dll.CreateProcessAsUserW
userenv.dll.DestroyEnvironmentBlock
wtsapi32.dll.WTSFreeMemory
advapi32.dll.RegQueryValueExW
advapi32.dll.RegisterEventSourceW
advapi32.dll.ReportEventW
advapi32.dll.DeregisterEventSource
gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName
gdi32.dll.D3DKMTCloseAdapter
gdi32.dll.D3DKMTQueryAdapterInfo
gdi32.dll.D3DKMTOpenAdapterFromDeviceName
setupapi.dll.SetupDiGetClassDevsW
setupapi.dll.SetupDiEnumDeviceInterfaces
setupapi.dll.SetupDiGetDeviceInterfaceDetailW
setupapi.dll.SetupDiDestroyDeviceInfoList
setupapi.dll.SetupDiGetDevicePropertyW
wintrust.dll.WinVerifyTrust
kernel32.dll.WerRegisterMemoryBlock
uxtheme.dll.ThemeInitApiHook
powrprof.dll.PowerSettingRegisterNotification
user32.dll.GetWindowThreadProcessId
user32.dll.GetWindowTextW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegQueryValueExA
gdi32.dll.GdiIsMetaPrintDC
advapi32.dll.StartServiceCtrlDispatcherW
advapi32.dll.RegisterServiceCtrlHandlerExW
advapi32.dll.SetServiceStatus
cmd /c sc config "UxSms" start= demand
cmd /c net stop "Desktop Window Manager Session Manager"
cmd /c net start "Desktop Window Manager Session Manager"
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Themes\aero.theme"
C:\Windows\Resources\Themes\aero.theme
sc config "UxSms" start= demand
net stop "Desktop Window Manager Session Manager"
net start "Desktop Window Manager Session Manager"
C:\Windows\system32\net1 start "Desktop Window Manager Session Manager"
C:\Windows\system32\net1 stop "Desktop Window Manager Session Manager"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
Local\test{A82C030A-ED47-42FA-97A6-00186F63438A}
UxSms

PE 信息

初始地址 0x00400000
入口地址 0x0046fca4
声明校验值 0x00000000
实际校验值 0x000e17d4
最低操作系统版本要求 4.0
编译时间 2019-09-20 21:18:20
载入哈希 9b28aa647cbb0f89ce639e9f6208261e

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x0008d796 0x0008e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x0008f000 0x0002ca10 0x0002d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.87
.data 0x000bc000 0x0003a60a 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.98
.rsrc 0x000f7000 0x00005938 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.81

导入

库: WINMM.dll:
0x48f638 midiStreamOut
0x48f640 waveOutWrite
0x48f644 waveOutPause
0x48f648 waveOutReset
0x48f64c waveOutClose
0x48f650 waveOutGetNumDevs
0x48f654 waveOutOpen
0x48f65c midiStreamOpen
0x48f660 midiStreamProperty
0x48f664 midiStreamStop
0x48f668 midiOutReset
0x48f66c midiStreamClose
0x48f670 midiStreamRestart
库: WS2_32.dll:
0x48f690 WSACleanup
0x48f694 closesocket
0x48f698 getpeername
0x48f69c accept
0x48f6a0 WSAAsyncSelect
0x48f6a4 recvfrom
0x48f6a8 ioctlsocket
0x48f6ac inet_ntoa
0x48f6b0 recv
库: KERNEL32.dll:
0x48f19c GetVersion
0x48f1a8 GetACP
0x48f1ac HeapSize
0x48f1b0 RaiseException
0x48f1b4 GetLocalTime
0x48f1b8 GetSystemTime
0x48f1bc RtlUnwind
0x48f1c0 GetStartupInfoA
0x48f1c4 GetOEMCP
0x48f1c8 GetCPInfo
0x48f1cc GetProcessVersion
0x48f1d0 SetErrorMode
0x48f1d4 GlobalFlags
0x48f1d8 GetCurrentThread
0x48f1dc GetFileTime
0x48f1e0 TlsGetValue
0x48f1e4 LocalReAlloc
0x48f1e8 TlsSetValue
0x48f1ec TlsFree
0x48f1f0 GlobalHandle
0x48f1f4 TlsAlloc
0x48f1f8 LocalAlloc
0x48f1fc lstrcmpA
0x48f200 GlobalGetAtomNameA
0x48f204 GlobalAddAtomA
0x48f208 GlobalFindAtomA
0x48f20c GlobalDeleteAtom
0x48f210 lstrcmpiA
0x48f214 SetEndOfFile
0x48f218 UnlockFile
0x48f21c LockFile
0x48f220 FlushFileBuffers
0x48f224 DuplicateHandle
0x48f228 lstrcpynA
0x48f234 LocalFree
0x48f240 SetLastError
0x48f244 TerminateProcess
0x48f248 GetFileSize
0x48f24c SetFilePointer
0x48f250 WideCharToMultiByte
0x48f254 MultiByteToWideChar
0x48f258 GetCurrentProcess
0x48f25c CreateSemaphoreA
0x48f260 ResumeThread
0x48f264 ReleaseSemaphore
0x48f270 GetProfileStringA
0x48f274 WriteFile
0x48f27c CreateFileA
0x48f280 SetEvent
0x48f284 FindResourceA
0x48f288 LoadResource
0x48f28c LockResource
0x48f290 ReadFile
0x48f294 GetModuleFileNameA
0x48f298 GetCurrentThreadId
0x48f29c ExitProcess
0x48f2a0 GlobalSize
0x48f2a4 GlobalFree
0x48f2b0 lstrcatA
0x48f2b4 InterlockedExchange
0x48f2b8 lstrlenA
0x48f2bc WinExec
0x48f2c0 lstrcpyA
0x48f2c4 FindNextFileA
0x48f2c8 GlobalReAlloc
0x48f2cc HeapFree
0x48f2d0 HeapReAlloc
0x48f2d4 GetProcessHeap
0x48f2d8 HeapAlloc
0x48f2dc GetFullPathNameA
0x48f2e0 FreeLibrary
0x48f2e4 LoadLibraryA
0x48f2e8 GetLastError
0x48f2ec GetVersionExA
0x48f2f4 CreateThread
0x48f2f8 CreateEventA
0x48f2fc Sleep
0x48f300 GlobalAlloc
0x48f304 GlobalLock
0x48f308 GlobalUnlock
0x48f30c FindFirstFileA
0x48f310 FindClose
0x48f314 GetFileAttributesA
0x48f320 GetModuleHandleA
0x48f324 GetProcAddress
0x48f328 MulDiv
0x48f32c GetCommandLineA
0x48f330 GetTickCount
0x48f334 CreateProcessA
0x48f338 WaitForSingleObject
0x48f33c CloseHandle
0x48f34c SetHandleCount
0x48f350 GetStdHandle
0x48f354 GetFileType
0x48f35c HeapDestroy
0x48f360 HeapCreate
0x48f364 VirtualFree
0x48f36c LCMapStringA
0x48f370 LCMapStringW
0x48f374 VirtualAlloc
0x48f378 IsBadWritePtr
0x48f380 GetStringTypeA
0x48f384 GetStringTypeW
0x48f388 CompareStringA
0x48f38c CompareStringW
0x48f390 IsBadReadPtr
0x48f394 IsBadCodePtr
0x48f398 SetStdHandle
库: USER32.dll:
0x48f3c8 IsZoomed
0x48f3cc GetClassInfoA
0x48f3d0 DefWindowProcA
0x48f3d4 GetSysColorBrush
0x48f3d8 ShowWindow
0x48f3e0 LoadImageA
0x48f3e8 ClientToScreen
0x48f3ec EnableMenuItem
0x48f3f0 GetSubMenu
0x48f3f4 GetDlgCtrlID
0x48f3fc CreateMenu
0x48f400 ModifyMenuA
0x48f404 AppendMenuA
0x48f408 CreatePopupMenu
0x48f40c DrawIconEx
0x48f41c SetRectEmpty
0x48f420 DispatchMessageA
0x48f424 GetMessageA
0x48f428 WindowFromPoint
0x48f42c DrawFocusRect
0x48f430 GetMenu
0x48f434 SetMenu
0x48f438 PeekMessageA
0x48f43c IsIconic
0x48f440 SetFocus
0x48f444 GetActiveWindow
0x48f448 GetWindow
0x48f44c DrawEdge
0x48f450 SetWindowRgn
0x48f454 GetMessagePos
0x48f458 ScreenToClient
0x48f460 CopyRect
0x48f464 LoadBitmapA
0x48f468 WinHelpA
0x48f46c KillTimer
0x48f470 SetTimer
0x48f474 ReleaseCapture
0x48f478 GetCapture
0x48f47c LoadStringA
0x48f484 GetMenuState
0x48f488 SetMenuItemBitmaps
0x48f48c SetCapture
0x48f490 GetScrollRange
0x48f494 SetScrollRange
0x48f498 PostQuitMessage
0x48f49c SetRect
0x48f4a0 InflateRect
0x48f4a4 IntersectRect
0x48f4a8 DestroyIcon
0x48f4ac PtInRect
0x48f4b0 OffsetRect
0x48f4b4 IsWindowVisible
0x48f4b8 EnableWindow
0x48f4bc RedrawWindow
0x48f4c0 GetWindowLongA
0x48f4c4 SetWindowLongA
0x48f4c8 GetSysColor
0x48f4cc SetActiveWindow
0x48f4d0 SetCursorPos
0x48f4d4 LoadCursorA
0x48f4d8 SetCursor
0x48f4dc GetDC
0x48f4e0 FillRect
0x48f4e4 IsRectEmpty
0x48f4e8 ReleaseDC
0x48f4ec IsChild
0x48f4f0 DestroyMenu
0x48f4f4 SetForegroundWindow
0x48f4f8 GetWindowRect
0x48f4fc EqualRect
0x48f500 UpdateWindow
0x48f504 ValidateRect
0x48f508 InvalidateRect
0x48f50c GetClientRect
0x48f510 GetFocus
0x48f514 GetParent
0x48f518 GetTopWindow
0x48f51c PostMessageA
0x48f520 IsWindow
0x48f524 SetParent
0x48f528 DestroyCursor
0x48f52c SendMessageA
0x48f530 SetWindowPos
0x48f534 MessageBoxA
0x48f538 GetCursorPos
0x48f53c GetSystemMetrics
0x48f540 EmptyClipboard
0x48f544 SetClipboardData
0x48f548 OpenClipboard
0x48f54c GetClipboardData
0x48f550 CloseClipboard
0x48f554 wsprintfA
0x48f558 WaitForInputIdle
0x48f55c DrawFrameControl
0x48f560 TranslateMessage
0x48f564 LoadIconA
0x48f568 CallWindowProcA
0x48f56c CreateWindowExA
0x48f570 UnregisterHotKey
0x48f574 GetForegroundWindow
0x48f578 GetDesktopWindow
0x48f57c GetClassNameA
0x48f580 GetDlgItem
0x48f584 GetWindowTextA
0x48f58c GetKeyState
0x48f594 SetScrollPos
0x48f598 IsWindowEnabled
0x48f5a0 UnregisterClassA
0x48f5a4 RegisterHotKey
0x48f5ac CharUpperA
0x48f5b0 GetWindowDC
0x48f5b4 BeginPaint
0x48f5b8 EndPaint
0x48f5bc TabbedTextOutA
0x48f5c0 DrawTextA
0x48f5c4 GrayStringA
0x48f5c8 DestroyWindow
0x48f5d0 EndDialog
0x48f5d4 GetNextDlgTabItem
0x48f5d8 GetWindowPlacement
0x48f5e0 GetLastActivePopup
0x48f5e4 GetMessageTime
0x48f5e8 RemovePropA
0x48f5ec GetPropA
0x48f5f0 UnhookWindowsHookEx
0x48f5f4 SetPropA
0x48f5f8 GetClassLongA
0x48f5fc CallNextHookEx
0x48f600 SetWindowsHookExA
0x48f604 GetMenuItemID
0x48f608 GetMenuItemCount
0x48f60c RegisterClassA
0x48f610 GetScrollPos
0x48f614 AdjustWindowRectEx
0x48f618 MapWindowPoints
0x48f61c SendDlgItemMessageA
0x48f620 ScrollWindowEx
0x48f624 IsDialogMessageA
0x48f628 SetWindowTextA
0x48f62c MoveWindow
0x48f630 CheckMenuItem
库: GDI32.dll:
0x48f044 LineTo
0x48f048 MoveToEx
0x48f04c ExcludeClipRect
0x48f050 CreateBitmap
0x48f054 SelectObject
0x48f058 GetObjectA
0x48f05c CreatePen
0x48f060 PatBlt
0x48f064 CombineRgn
0x48f068 CreateRectRgn
0x48f06c FillRgn
0x48f070 CreateSolidBrush
0x48f074 GetStockObject
0x48f078 CreateFontIndirectA
0x48f07c EndPage
0x48f080 EndDoc
0x48f084 DeleteDC
0x48f088 StartDocA
0x48f08c StartPage
0x48f090 BitBlt
0x48f094 CreateCompatibleDC
0x48f098 ExtSelectClipRgn
0x48f09c Ellipse
0x48f0a0 Rectangle
0x48f0a4 LPtoDP
0x48f0a8 DPtoLP
0x48f0ac GetCurrentObject
0x48f0b0 RoundRect
0x48f0b8 GetDeviceCaps
0x48f0bc SetBkColor
0x48f0c0 CreateFontA
0x48f0c8 GetClipBox
0x48f0cc ScaleWindowExtEx
0x48f0d0 SetWindowExtEx
0x48f0d4 SetWindowOrgEx
0x48f0d8 ScaleViewportExtEx
0x48f0dc SetViewportExtEx
0x48f0e0 OffsetViewportOrgEx
0x48f0e4 SetViewportOrgEx
0x48f0e8 SetMapMode
0x48f0ec SetTextColor
0x48f0f0 SetROP2
0x48f0f4 GetViewportExtEx
0x48f0f8 PtVisible
0x48f0fc RectVisible
0x48f100 TextOutA
0x48f104 ExtTextOutA
0x48f108 Escape
0x48f10c GetTextMetricsA
0x48f110 CreateDCA
0x48f118 GetPolyFillMode
0x48f11c GetStretchBltMode
0x48f120 GetROP2
0x48f124 GetBkColor
0x48f128 GetBkMode
0x48f12c GetTextColor
0x48f130 CreateRoundRectRgn
0x48f134 CreateEllipticRgn
0x48f138 PathToRegion
0x48f13c EndPath
0x48f140 BeginPath
0x48f144 SetPolyFillMode
0x48f148 SetBkMode
0x48f14c RestoreDC
0x48f150 SaveDC
0x48f154 GetWindowOrgEx
0x48f158 GetViewportOrgEx
0x48f15c GetWindowExtEx
0x48f160 GetDIBits
0x48f164 RealizePalette
0x48f168 SelectPalette
0x48f16c StretchBlt
0x48f170 CreatePalette
0x48f178 CreateDIBitmap
0x48f17c DeleteObject
0x48f180 SelectClipRgn
0x48f184 CreatePolygonRgn
0x48f18c SetStretchBltMode
0x48f190 GetClipRgn
库: WINSPOOL.DRV:
0x48f680 OpenPrinterA
0x48f684 DocumentPropertiesA
0x48f688 ClosePrinter
库: ADVAPI32.dll:
0x48f000 RegOpenKeyExA
0x48f004 RegSetValueExA
0x48f008 RegQueryValueA
0x48f00c RegCreateKeyExA
0x48f010 RegCloseKey
库: SHELL32.dll:
0x48f3b0 DragQueryFileA
0x48f3b4 ShellExecuteA
0x48f3b8 Shell_NotifyIconA
0x48f3bc DragAcceptFiles
0x48f3c0 DragFinish
库: ole32.dll:
0x48f6cc CLSIDFromString
0x48f6d0 OleUninitialize
0x48f6d4 OleInitialize
库: OLEAUT32.dll:
0x48f3a0 LoadTypeLib
0x48f3a4 RegisterTypeLib
0x48f3a8 UnRegisterTypeLib
库: COMCTL32.dll:
0x48f018 ImageList_Add
0x48f01c ImageList_BeginDrag
0x48f020 ImageList_Create
0x48f024 ImageList_Destroy
0x48f028 ImageList_DragEnter
0x48f02c ImageList_DragLeave
0x48f030 ImageList_DragMove
0x48f038 ImageList_EndDrag
0x48f03c None
库: comdlg32.dll:
0x48f6b8 ChooseColorA
0x48f6bc GetFileTitleA
0x48f6c0 GetSaveFileNameA
0x48f6c4 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VWQPh(
8`}<j
T$th
D$@Sj
L$8h
D$8Rj
l$<VWj
没有防病毒引擎扫描信息!

进程树


csrss.exe, PID: 2476, 上一级进程 PID: 2332
cmd.exe, PID: 2532, 上一级进程 PID: 2476
sc.exe, PID: 2608, 上一级进程 PID: 2532
cmd.exe, PID: 2664, 上一级进程 PID: 2476
cmd.exe, PID: 2736, 上一级进程 PID: 2476
cmd.exe, PID: 2916, 上一级进程 PID: 2476
net.exe, PID: 2840, 上一级进程 PID: 2736
net.exe, PID: 2752, 上一级进程 PID: 2664
cmd.exe, PID: 2988, 上一级进程 PID: 2476
net.exe, PID: 2996, 上一级进程 PID: 2916
rundll32.exe, PID: 2880, 上一级进程 PID: 2476
rundll32.exe, PID: 3060, 上一级进程 PID: 2476
net.exe, PID: 2560, 上一级进程 PID: 2988
cmd.exe, PID: 2640, 上一级进程 PID: 2476
net1.exe, PID: 2172, 上一级进程 PID: 2560
net1.exe, PID: 2624, 上一级进程 PID: 2996
net1.exe, PID: 2552, 上一级进程 PID: 2840
net1.exe, PID: 2628, 上一级进程 PID: 2752
cmd.exe, PID: 2456, 上一级进程 PID: 2476
net.exe, PID: 2448, 上一级进程 PID: 2640
net1.exe, PID: 2836, 上一级进程 PID: 2448
net.exe, PID: 2940, 上一级进程 PID: 2456
net1.exe, PID: 3164, 上一级进程 PID: 2940
services.exe, PID: 428, 上一级进程 PID: 332
svchost.exe, PID: 3592, 上一级进程 PID: 428
dwm.exe, PID: 3708, 上一级进程 PID: 3592
mscorsvw.exe, PID: 2932, 上一级进程 PID: 428
mscorsvw.exe, PID: 2728, 上一级进程 PID: 428

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
51.143.111.81 未知 英国

TCP

无TCP连接纪录.

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
watson.microsoft.com CNAME legacy.umwatson.trafficmanager.net
A 51.143.111.81

TCP

无TCP连接纪录.

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 36.329 seconds )

  • 15.718 Suricata
  • 11.484 NetworkAnalysis
  • 4.065 Static
  • 2.258 VirusTotal
  • 1.724 BehaviorAnalysis
  • 0.483 TargetInfo
  • 0.447 peid
  • 0.128 AnalysisInfo
  • 0.017 Strings
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 0.953 seconds )

  • 0.144 antiav_detectreg
  • 0.081 api_spamming
  • 0.069 stealth_timeout
  • 0.061 stealth_decoy_document
  • 0.055 infostealer_ftp
  • 0.032 infostealer_im
  • 0.029 antianalysis_detectreg
  • 0.023 mimics_filetime
  • 0.021 md_domain_bl
  • 0.02 reads_self
  • 0.02 antivm_generic_scsi
  • 0.02 md_url_bl
  • 0.019 virus
  • 0.018 stealth_file
  • 0.018 antivm_generic_disk
  • 0.017 infostealer_mail
  • 0.015 bootkit
  • 0.015 antiav_detectfile
  • 0.013 hancitor_behavior
  • 0.011 antivm_generic_services
  • 0.011 anormaly_invoke_kills
  • 0.011 infostealer_bitcoin
  • 0.01 shifu_behavior
  • 0.008 anomaly_persistence_autorun
  • 0.008 kibex_behavior
  • 0.008 antivm_xen_keys
  • 0.008 ransomware_extensions
  • 0.007 injection_createremotethread
  • 0.007 betabot_behavior
  • 0.007 geodo_banking_trojan
  • 0.007 darkcomet_regkeys
  • 0.007 ransomware_files
  • 0.006 antivm_vbox_libs
  • 0.006 infostealer_browser_password
  • 0.006 kovter_behavior
  • 0.006 antivm_parallels_keys
  • 0.006 antivm_vbox_files
  • 0.006 recon_fingerprint
  • 0.005 antiemu_wine_func
  • 0.005 antivm_generic_diskreg
  • 0.004 infostealer_browser
  • 0.004 injection_runpe
  • 0.004 antisandbox_productid
  • 0.004 disables_browser_warn
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 maldun_anomaly_massive_file_ops
  • 0.003 exec_crash
  • 0.003 packer_armadillo_regkey
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 cerber_behavior
  • 0.002 bypass_firewall
  • 0.002 antidbg_devices
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anormaly_invoke_vb_vba
  • 0.002 md_bad_drop
  • 0.002 recon_programs
  • 0.001 hawkeye_behavior
  • 0.001 antivm_vmware_libs
  • 0.001 process_interest
  • 0.001 antisandbox_sleep
  • 0.001 injection_explorer
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 ipc_namedpipe
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 antidbg_windows
  • 0.001 vawtrak_behavior
  • 0.001 process_needed
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 dropper
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.954 seconds )

  • 0.93 ReportHTMLSummary
  • 0.024 Malheur
Task ID 378335
Mongo ID 5d84d3752f8f2e1710c660e2
Cuckoo release 1.4-Maldun