魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2021-06-18 23:57:57	2021-06-18 23:58:56	59 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2021-06-18 23:57:57	2021-06-18 23:58:57

魔盾分数
10.0 恶意的

文件详细信息

文件名	NULLspoofer2-H121jun.exe
文件大小	496640 字节
文件类型	PE32+ executable (console) x86-64, for MS Windows
CRC32	BD83210B
MD5	7da236c9a2504e50b85495e05e0d596b
SHA1	505740e074c61557d620071403e5300da5ad4fa8
SHA256	69f79cb0af645aa6df50c36bde972d54156b0dbac5b2789cea9bfb1f681a5ea3
SHA512	5ff023936312c1f52eae240b6a35be1c74147d0a973b2ddf227269a23252b5b089aa160b46abd64ba90575861f926e49215d7e3818a5cb3edc298cb4d3fab75e
Ssdeep	12288:9tzE5elwLz9TrQGs2Bf0A/gPjq2NoZMGaidfKV/Cte6VKW4PWY9E:9tA4KdTcGsyJgPjq6HVG5KWpY9E
PEiD	无匹配
Yara	CRC32_poly_Constant (Look for CRC32 [poly]) CRC32_table (Look for CRC32 table) MD5_Constants (Look for MD5 constants) RIPEMD160_Constants (Look for RIPEMD-160 constants) SHA1_Constants (Look for SHA1 constants) IsPE64 (Detected a 64bit PE sample) IsConsole (Detected a console program sample) IsPacked (Detected Entropy signature) DebuggerException__SetConsoleCtrl () SEH__vectored () create_process (Detection function for creating a new process) win_files_operation (Affect private profile) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal	VirusTotal查询失败

特征

通过进程尝试延迟分析任务

Process: more.exe tried to sleep 65 seconds, actually delayed analysis time by 0 seconds

Process: WMIC.exe tried to sleep 120 seconds, actually delayed analysis time by 0 seconds

创建RWX内存

可能进行了时间有效期检查，检查本地时间后过早退出

可疑的样本异常终止

二进制文件可能包含加密或压缩数据

section: name: .rsrc, entropy: 7.87, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0005b200, virtual_size: 0x0005b1c4

魔盾安全Yara规则检测结果 - 安全告警

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

从磁盘上删除自身的原始二进制

强制将一个创建的进程加载为另一个不相关进程的子进程

process: C:\Windows\sysnative\cmd.exe, PID 2760

提取Windows产品ID, 可能被用来寻找沙盒指纹信息

检测到样本尝试异常命令

Anomaly: C:\Windows\System32\Wbem\WMIC.exe wmic path win32_diskdrive get SerialNumber executed

Anomaly: "C:\Windows\system32\cmd" /c "C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat C:\Users\test\AppData\Local\Temp\NULLspoofer2-H121jun.exe" executed

收集信息以计算系统信息指纹(MachineGuid, DigitalProductId, SystemBiosDate)

样本投放可执行文件到临时目录然后抹除然后抹除

Anomaly: C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\extd.exe deleted

Anomaly: C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat deleted

可能是恶意的样本写入可疑的执行文件并混淆扩展名

Suspicious: c:\users\test\appdata\local\temp\dc69.tmp\dc6a.tmp\dc7b.bat

运行截图

网络分析

域名解析

域名	响应
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 104.91.68.27 A 104.91.68.75

TCP连接

IP地址	端口
104.91.68.27	80

UDP连接

IP地址	端口
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x140000000
入口地址	0x140001000
声明校验值	0x00000000
实际校验值	0x00086e19
最低操作系统版本要求	4.0
编译时间	2019-07-30 16:52:08
载入哈希	f326f88ca83c9aacaa44acfb8884f1d4
图标
图标精确哈希值	5a44d0533a2324e912c71da4e8604ce3
图标相似性哈希值	cadc1e965f2dcb0cda620ba7c3eef151

版本信息

InternalName:	beta2
FileDescription:	beta2
ProductName:	beta2
Translation:	0x0000 0x04e4

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.code	0x00001000	0x00005b79	0x00005c00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.51
.text	0x00007000	0x00010d25	0x00010e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.35
.rdata	0x00018000	0x00004b9d	0x00004c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.69
.pdata	0x0001d000	0x00001140	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.00
.data	0x0001f000	0x000023b8	0x00001600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.39
.rsrc	0x00022000	0x0005b1c4	0x0005b200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.87

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x000224ec	0x000366d0	LANG_NEUTRAL	SUBLANG_NEUTRAL	7.67	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_RCDATA	0x0006cd00	0x000100a7	LANG_NEUTRAL	SUBLANG_NEUTRAL	8.00	data
RT_GROUP_ICON	0x0007cda8	0x00000014	LANG_NEUTRAL	SUBLANG_NEUTRAL	1.77	MS Windows icon resource - 1 icon, 256x256
RT_VERSION	0x0007cdbc	0x00000168	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.01	data
RT_MANIFEST	0x0007cf24	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.09	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库 msvcrt.dll:

• 0x14001f6c8 - memset

• 0x14001f6d0 - wcsncmp

• 0x14001f6d8 - memmove

• 0x14001f6e0 - wcsncpy

• 0x14001f6e8 - wcsstr

• 0x14001f6f0 - _wcsnicmp

• 0x14001f6f8 - _wcsdup

• 0x14001f700 - free

• 0x14001f708 - _wcsicmp

• 0x14001f710 - wcslen

• 0x14001f718 - wcscpy

• 0x14001f720 - wcscmp

• 0x14001f728 - wcscat

• 0x14001f730 - memcpy

• 0x14001f738 - tolower

• 0x14001f740 - malloc

库 KERNEL32.dll:

• 0x14001f750 - GetModuleHandleW

• 0x14001f758 - HeapCreate

• 0x14001f760 - GetStdHandle

• 0x14001f768 - SetConsoleCtrlHandler

• 0x14001f770 - HeapDestroy

• 0x14001f778 - ExitProcess

• 0x14001f780 - WriteFile

• 0x14001f788 - GetTempFileNameW

• 0x14001f790 - LoadLibraryExW

• 0x14001f798 - EnumResourceTypesW

• 0x14001f7a0 - FreeLibrary

• 0x14001f7a8 - RemoveDirectoryW

• 0x14001f7b0 - EnumResourceNamesW

• 0x14001f7b8 - GetCommandLineW

• 0x14001f7c0 - LoadResource

• 0x14001f7c8 - SizeofResource

• 0x14001f7d0 - FreeResource

• 0x14001f7d8 - FindResourceW

• 0x14001f7e0 - GetShortPathNameW

• 0x14001f7e8 - GetSystemDirectoryW

• 0x14001f7f0 - EnterCriticalSection

• 0x14001f7f8 - CloseHandle

• 0x14001f800 - LeaveCriticalSection

• 0x14001f808 - InitializeCriticalSection

• 0x14001f810 - WaitForSingleObject

• 0x14001f818 - TerminateThread

• 0x14001f820 - CreateThread

• 0x14001f828 - Sleep

• 0x14001f830 - WideCharToMultiByte

• 0x14001f838 - HeapAlloc

• 0x14001f840 - HeapFree

• 0x14001f848 - LoadLibraryW

• 0x14001f850 - GetProcAddress

• 0x14001f858 - GetCurrentProcessId

• 0x14001f860 - GetCurrentThreadId

• 0x14001f868 - GetModuleFileNameW

• 0x14001f870 - PeekNamedPipe

• 0x14001f878 - TerminateProcess

• 0x14001f880 - GetEnvironmentVariableW

• 0x14001f888 - SetEnvironmentVariableW

• 0x14001f890 - GetCurrentProcess

• 0x14001f898 - DuplicateHandle

• 0x14001f8a0 - CreatePipe

• 0x14001f8a8 - CreateProcessW

• 0x14001f8b0 - GetExitCodeProcess

• 0x14001f8b8 - RtlLookupFunctionEntry

• 0x14001f8c0 - RtlVirtualUnwind

• 0x14001f8c8 - RemoveVectoredExceptionHandler

• 0x14001f8d0 - AddVectoredExceptionHandler

• 0x14001f8d8 - HeapSize

• 0x14001f8e0 - MultiByteToWideChar

• 0x14001f8e8 - CreateDirectoryW

• 0x14001f8f0 - SetFileAttributesW

• 0x14001f8f8 - GetTempPathW

• 0x14001f900 - DeleteFileW

• 0x14001f908 - GetCurrentDirectoryW

• 0x14001f910 - SetCurrentDirectoryW

• 0x14001f918 - CreateFileW

• 0x14001f920 - SetFilePointer

• 0x14001f928 - TlsFree

• 0x14001f930 - TlsGetValue

• 0x14001f938 - TlsSetValue

• 0x14001f940 - TlsAlloc

• 0x14001f948 - HeapReAlloc

• 0x14001f950 - DeleteCriticalSection

• 0x14001f958 - GetLastError

• 0x14001f960 - SetLastError

• 0x14001f968 - UnregisterWait

• 0x14001f970 - GetCurrentThread

• 0x14001f978 - RegisterWaitForSingleObject

库 SHELL32.DLL:

• 0x14001f988 - ShellExecuteExW

• 0x14001f990 - SHGetFolderLocation

• 0x14001f998 - SHGetPathFromIDListW

库 WINMM.DLL:

• 0x14001f9a8 - timeBeginPeriod

库 OLE32.DLL:

• 0x14001f9b8 - CoInitialize

• 0x14001f9c0 - CoTaskMemFree

库 SHLWAPI.DLL:

• 0x14001f9d0 - PathAddBackslashW

• 0x14001f9d8 - PathRenameExtensionW

• 0x14001f9e0 - PathQuoteSpacesW

• 0x14001f9e8 - PathRemoveArgsW

• 0x14001f9f0 - PathRemoveBackslashW

库 USER32.DLL:

• 0x14001fa00 - CharUpperW

• 0x14001fa08 - CharLowerW

• 0x14001fa10 - MessageBoxW

• 0x14001fa18 - DefWindowProcW

• 0x14001fa20 - GetWindowLongPtrW

• 0x14001fa28 - GetWindowTextLengthW

• 0x14001fa30 - GetWindowTextW

• 0x14001fa38 - EnableWindow

• 0x14001fa40 - DestroyWindow

• 0x14001fa48 - UnregisterClassW

• 0x14001fa50 - LoadIconW

• 0x14001fa58 - LoadCursorW

• 0x14001fa60 - RegisterClassExW

• 0x14001fa68 - IsWindowEnabled

• 0x14001fa70 - GetSystemMetrics

• 0x14001fa78 - CreateWindowExW

• 0x14001fa80 - SetWindowLongPtrW

• 0x14001fa88 - SendMessageW

• 0x14001fa90 - SetFocus

• 0x14001fa98 - CreateAcceleratorTableW

• 0x14001faa0 - SetForegroundWindow

• 0x14001faa8 - BringWindowToTop

• 0x14001fab0 - GetMessageW

• 0x14001fab8 - TranslateAcceleratorW

• 0x14001fac0 - TranslateMessage

• 0x14001fac8 - DispatchMessageW

• 0x14001fad0 - DestroyAcceleratorTable

• 0x14001fad8 - PostMessageW

• 0x14001fae0 - GetForegroundWindow

• 0x14001fae8 - GetWindowThreadProcessId

• 0x14001faf0 - IsWindowVisible

• 0x14001faf8 - EnumWindows

• 0x14001fb00 - SetWindowPos

库 GDI32.DLL:

• 0x14001fb10 - GetStockObject

库 COMCTL32.DLL:

• 0x14001fb20 - InitCommonControlsEx

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令

"C:\Windows\system32\cmd" /c "C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat C:\Users\test\AppData\Local\Temp\NULLspoofer2-H121jun.exe"
C:\Windows\System32\Wbem\WMIC.exe wmic path win32_diskdrive get SerialNumber
4u21H1mapper.exe NULL2.sys
PING localhost -n 3
more.exe
C:\Windows\system32\cmd.exe /c Msg * /TIME:21 Please give me approx 20 seconds to finish my task, don't touch anything until I close.
C:\Windows\system32\msg.exe Msg * /TIME:21 Please give me approx 20 seconds to finish my task, don't touch anything until I close.

创建的服务 无信息

启动的服务 无信息

进程

NULLspoofer2-H121jun.exe PID: 2500, 上一级进程 PID: 2172

cmd.exe PID: 2760, 上一级进程 PID: 2500

WMIC.exe PID: 2820, 上一级进程 PID: 2760

PING.EXE PID: 3008, 上一级进程 PID: 2760

WMIC.exe PID: 2272, 上一级进程 PID: 2760

PING.EXE PID: 2520, 上一级进程 PID: 2760

more.exe PID: 2880, 上一级进程 PID: 2760

PING.EXE PID: 2912, 上一级进程 PID: 2760

cmd.exe PID: 3004, 上一级进程 PID: 2880

msg.exe PID: 972, 上一级进程 PID: 3004

PING.EXE PID: 2824, 上一级进程 PID: 2760

访问的文件

\Device\KsecDD
C:\Users\test\AppData\Local\Temp\NULLspoofer2-H121jun.exe
C:\Users\test\AppData\Local\Temp\
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Temp
C:\Users\test\AppData\Local\Temp\DC69.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC8B.tmp
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Roaming
C:\Windows\sysnative\shell32.dll
C:\
C:\Users\test\AppData\Local\Microsoft\Windows\Caches
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000052.db
C:\Users\desktop.ini
C:\Users\test\Desktop\desktop.ini
C:\Users\test\AppData\Roaming\
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\extd.exe
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat
C:\Users\test\AppData\Roaming\more.exe
\??\MountPointManager
C:\Users\test\AppData\Roaming\NULL2.sys
C:\Users\test\AppData\Roaming\4u21H1mapper.exe
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat C:\Users\test\AppData\Local\Temp\NULLspoofer2-H121jun.exe
C:\Users\test\AppData\Roaming\echo..*
C:\Users\test\AppData\Roaming\echo
C:\ProgramData\Oracle\Java\javapath\echo..*
C:\ProgramData\Oracle\Java\javapath\echo
C:\Windows\sysnative\echo..*
C:\Windows\sysnative\echo
C:\Windows\echo..*
C:\Windows\echo
C:\Windows\sysnative\wbem\echo..*
C:\Windows\sysnative\wbem\echo
C:\Windows\sysnative\WindowsPowerShell\v1.0\echo..*
C:\Windows\sysnative\WindowsPowerShell\v1.0\echo
C:\Program Files (x86)\WinRAR\echo..*
C:\Program Files (x86)\WinRAR\echo
C:\Users\test\AppData\Roaming\wmic.*
C:\Users\test\AppData\Roaming\wmic
C:\ProgramData\Oracle\Java\javapath\wmic.*
C:\ProgramData\Oracle\Java\javapath\wmic
C:\Windows\sysnative\wmic.*
C:\Windows\sysnative\wmic
C:\Windows\wmic.*
C:\Windows\wmic
C:\Windows\sysnative\wbem\wmic.*
C:\Windows\sysnative\wbem\WMIC.COM
C:\Windows\sysnative\wbem\WMIC.exe
C:\Users\test\AppData\Roaming\PING.*
C:\Users\test\AppData\Roaming\PING
C:\ProgramData\Oracle\Java\javapath\PING.*
C:\ProgramData\Oracle\Java\javapath\PING
C:\Windows\sysnative\PING.*
C:\Windows\sysnative\PING.COM
C:\Windows\sysnative\PING.EXE
\??\NUL
C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
C:\Windows\sysnative\wbem\XSL-Mappings.xml
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\sysnative\wbem\WMIC.exe.Local\
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\sysnative\wbem\texttable.xsl
C:\Windows\sysnative\msxml3.dll\1
C:\Windows\sysnative\msxml3.dll
C:\Windows\sysnative\stdole2.tlb
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\cmd.exe
C:\Users\test\AppData\Local\Temp\*
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\CbsProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\CompatProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismCore.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismCorePS.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismHost.exe
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismProv.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DmiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\CbsProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\CompatProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\DmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\IntlProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\OSProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\SmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\UnattendProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\WimProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\FolderProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\IntlProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\LogProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\MsiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\OSProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\SmiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\TransmogProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\UnattendProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\wdscore.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\WimProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\CbsProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\CompatProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DismCore.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DismProv.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\FolderProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\IntlProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\LogProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\MsiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\OSProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\SmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\TransmogProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\UnattendProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\WimProvider.dll.mui
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\sysnative\ntshrui.dll
C:\Program Files (x86)\WinSCP\DragExt64.dll
C:\Users\test\AppData\Local\Temp\A9REE26.tmp
C:\Users\test\AppData\Local\Temp\acrord32_sbx
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Cookies
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Cookies\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History\History.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History\History.IE5\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX\desktop.ini
C:\Users\test\AppData\Local\Temp\AdobeARM.log
C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.dll
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\test\AppData\Local\Temp\CVR9481.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9AE7.tmp
C:\Users\test\AppData\Local\Temp\CVR9AE7.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9C1F.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9FF6.tmp
C:\Users\test\AppData\Local\Temp\CVRD641.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVRDA47.tmp.cvr
C:\Users\test\AppData\Local\Temp\ext-ms-win-kernel32-package-current-l1-1-0.dll
C:\Users\test\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
C:\Users\test\AppData\Local\Temp\Low
C:\Users\test\AppData\Local\Temp\mscoree.dll
C:\Users\test\AppData\Local\Temp\msdtadmin
C:\Users\test\AppData\Local\Temp\msdtadmin\_D2A32820-A20D-4B68-BD10-AF8AF057A291_
C:\Users\test\AppData\Local\Temp\msdtadmin\_D2A32820-A20D-4B68-BD10-AF8AF057A291_\inuse
C:\Users\test\AppData\Local\Temp\svchost.exe
C:\Users\test\AppData\Local\Temp\VBE
C:\Users\test\AppData\Local\Temp\WPDNSE
C:\Users\test\AppData\Local\Temp\~DF04035F6128F6BD66.TMP
C:\Users\test\AppData\Local\Temp\~DF2D1C4B8D3AF05322.TMP
C:\Users\test\AppData\Local\D3DSCache
C:\Users\test\AppData\Local\NVIDIA Corporation\GfeSDK
C:\Users\test\AppData\Local\Microsoft\Feeds
C:\Users\test\AppData\Local\Microsoft\
C:\Users\test\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\xe5\xbb\xba\xe8\xae\xae\xe7\xbd\x91\xe7\xab\x99~.feed-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\xe7\xbd\x91\xe9\xa1\xb5\xe5\xbf\xab\xe8\xae\xaf\xe5\xba\x93~.feed-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\\xe4\xb8\xad\xe5\x9b\xbd\xe7\x9a\x84\xe6\xba\x90~
C:\Users\test\AppData\Local\Microsoft\Feeds\\xe4\xb8\xad\xe5\x9b\xbd\xe7\x9a\x84\xe6\xba\x90~\MSN \xe4\xb8\xad\xe5\x9b\xbd RSS~.feed-ms
C:\Users\test\AppData\Local\Microsoft
C:\Users\test\AppData\Local\Microsoft\Feeds Cache
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\5X4I4GC9
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\5X4I4GC9\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\5X4I4GC9\ieonline.microsoft[1]
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\L2IRY2MP
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\L2IRY2MP\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\L2IRY2MP\fwlink[1]
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\OZKW6MZO
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\OZKW6MZO\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\QB124X2G
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\QB124X2G\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\QB124X2G\fwlink[1]
C:\Users\test\AppData\Local\Microsoft\Windows\INetCache
C:\Users\test\AppData\Local\Microsoft\Windows\INetCookies
C:\Users\test\AppData\Local\Microsoft\Windows\WebCache
C:\Users\test\AppData\Local\Microsoft\XboxLive\AuthStateCache.dat
C:
C:\Users\test\AppData\Roaming\Msg.*
C:\Users\test\AppData\Roaming\Msg
C:\ProgramData\Oracle\Java\javapath\Msg.*
C:\ProgramData\Oracle\Java\javapath\Msg
C:\Windows\sysnative\Msg.*
C:\Windows\sysnative\msg.COM
C:\Windows\sysnative\msg.exe

读取的文件

\Device\KsecDD
C:\Users\test\AppData\Local\Temp\DC69.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC8B.tmp
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\sysnative\shell32.dll
C:\
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000052.db
C:\Users\desktop.ini
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\Desktop\desktop.ini
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat
C:\Users\test\AppData\Roaming\more.exe
C:\Users\test\AppData\Roaming\NULL2.sys
C:\Users\test\AppData\Roaming\4u21H1mapper.exe
C:\Users\test\AppData\Roaming\
C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
C:\Windows\sysnative\wbem\XSL-Mappings.xml
C:\Windows\sysnative\wbem\texttable.xsl
C:\Windows\sysnative\msxml3.dll\1
C:\Windows\sysnative\msxml3.dll
C:\Windows\sysnative\stdole2.tlb
C:\Windows\sysnative\tzres.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Temp
C:\Windows\sysnative\ntshrui.dll
C:\Program Files (x86)\WinSCP\DragExt64.dll
C:\Users\test\AppData\Local\Temp\acrord32_sbx
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Cookies
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History\History.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX\desktop.ini
C:\Users\test\AppData\Local\Temp\Low
C:\Users\test\AppData\Local\Temp\msdtadmin
C:\Users\test\AppData\Local\Temp\msdtadmin\_D2A32820-A20D-4B68-BD10-AF8AF057A291_
C:\Users\test\AppData\Local\Temp\VBE
C:\Users\test\AppData\Local\Temp\WPDNSE
C:\Users\test\AppData\Local\Microsoft\Feeds
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\test\AppData\Local\Microsoft\Feeds\\xe4\xb8\xad\xe5\x9b\xbd\xe7\x9a\x84\xe6\xba\x90~
C:\Users\test\AppData\Local\Microsoft
C:\Users\test\AppData\Local\Microsoft\Feeds Cache
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\5X4I4GC9
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\L2IRY2MP
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\OZKW6MZO
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\QB124X2G
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\5X4I4GC9\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\L2IRY2MP\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\OZKW6MZO\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\QB124X2G\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:

修改的文件

C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat
C:\Users\test\AppData\Roaming\more.exe
C:\Users\test\AppData\Roaming\NULL2.sys
C:\Users\test\AppData\Roaming\4u21H1mapper.exe
C:\Users\test\AppData\Roaming\
\??\NUL
C:

删除的文件

C:\Users\test\AppData\Local\Temp\DC69.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC8B.tmp
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\extd.exe
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\DC7B.bat
C:\Users\test\AppData\Local\Temp\DC69.tmp\DC6A.tmp\
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\CbsProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\CompatProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismCore.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismCorePS.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismHost.exe
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismProv.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DmiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\FolderProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\IntlProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\LogProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\MsiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\OSProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\SmiProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\TransmogProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\UnattendProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\wdscore.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\WimProvider.dll
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\CbsProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\CompatProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\DmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\IntlProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\OSProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\SmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\UnattendProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\en-US\WimProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\CbsProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\CompatProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DismCore.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DismProv.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\DmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\FolderProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\IntlProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\LogProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\MsiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\OSProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\SmiProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\TransmogProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\UnattendProvider.dll.mui
C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\zh-CN\WimProvider.dll.mui
C:\Users\test\AppData\Local\Temp\A9REE26.tmp
C:\Users\test\AppData\Local\Temp\acrord32_sbx
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Cookies
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Cookies\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History\History.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\History\History.IE5\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\BBK4MUC4\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GBQ0628Z\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\S3355F3U\desktop.ini
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX
C:\Users\test\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\WAPAO0VX\desktop.ini
C:\Users\test\AppData\Local\Temp\AdobeARM.log
C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.dll
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\test\AppData\Local\Temp\CVR9481.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9AE7.tmp
C:\Users\test\AppData\Local\Temp\CVR9AE7.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9C1F.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVR9FF6.tmp
C:\Users\test\AppData\Local\Temp\CVRD641.tmp.cvr
C:\Users\test\AppData\Local\Temp\CVRDA47.tmp.cvr
C:\Users\test\AppData\Local\Temp\ext-ms-win-kernel32-package-current-l1-1-0.dll
C:\Users\test\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
C:\Users\test\AppData\Local\Temp\Low
C:\Users\test\AppData\Local\Temp\mscoree.dll
C:\Users\test\AppData\Local\Temp\msdtadmin
C:\Users\test\AppData\Local\Temp\msdtadmin\_D2A32820-A20D-4B68-BD10-AF8AF057A291_
C:\Users\test\AppData\Local\Temp\msdtadmin\_D2A32820-A20D-4B68-BD10-AF8AF057A291_\inuse
C:\Users\test\AppData\Local\Temp\NULLspoofer2-H121jun.exe
C:\Users\test\AppData\Local\Temp\svchost.exe
C:\Users\test\AppData\Local\Temp\VBE
C:\Users\test\AppData\Local\Temp\WPDNSE
C:\Users\test\AppData\Local\Temp\~DF04035F6128F6BD66.TMP
C:\Users\test\AppData\Local\Temp\~DF2D1C4B8D3AF05322.TMP
C:\Users\test\AppData\Local\Microsoft\Feeds
C:\Users\test\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\xe5\xbb\xba\xe8\xae\xae\xe7\xbd\x91\xe7\xab\x99~.feed-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\xe7\xbd\x91\xe9\xa1\xb5\xe5\xbf\xab\xe8\xae\xaf\xe5\xba\x93~.feed-ms
C:\Users\test\AppData\Local\Microsoft\Feeds\\xe4\xb8\xad\xe5\x9b\xbd\xe7\x9a\x84\xe6\xba\x90~
C:\Users\test\AppData\Local\Microsoft\Feeds\\xe4\xb8\xad\xe5\x9b\xbd\xe7\x9a\x84\xe6\xba\x90~\MSN \xe4\xb8\xad\xe5\x9b\xbd RSS~.feed-ms
C:\Users\test\AppData\Local\Microsoft\Feeds Cache
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat

注册表键

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\NULLspoofer2-H121jun.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CLASSES_ROOT\.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\TextSource\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}
HKEY_CURRENT_USER\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\Required Categories\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}
HKEY_CURRENT_USER\Software\Microsoft\MSXML
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultTTL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\Data\SMBiosData
HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig
HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global
HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\CoProcManager
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{372941a4-1bd9-11e5-9838-806e6f6e6963}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{372941a3-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{372941a7-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{372941a4-1bd9-11e5-9838-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\LastEnum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM\WMI
HKEY_CURRENT_USER\Software\Microsoft\Direct3D
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\WHQLClass
HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM\ODUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles\0001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001\HwProfileGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Dhcpv6DUID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\ComputerHardwareId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\ComputerHardwareIds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Migration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\WinSqmFirstSessionStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildGUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\_DriverProviderInfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverGUID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0006\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0006\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0010\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0010\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SevilleEventlogManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation\ProductActivationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\BackupProductKeyDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\actionlist
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\ServiceSessionId
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HKEY_CURRENT_USER\Software\Hex-Rays\IDA\History
HKEY_CURRENT_USER\Software\Hex-Rays\IDA\History64
HKEY_LOCAL_MACHINE\HARDWARE\UEFI\ESRT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\more.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CLASSES_ROOT\.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\(Default)
HKEY_CLASSES_ROOT\.dll\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice
HKEY_CLASSES_ROOT\dllfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\NeverShowExt
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_CLASSES_ROOT\.mui
HKEY_CLASSES_ROOT\.mui\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mui\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mui
HKEY_CLASSES_ROOT\Unknown
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.mui
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(Default)
HKEY_CLASSES_ROOT\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing\(Default)
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ntshrui.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\WinSCPCopyHook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\WinSCPCopyHook\(Default)
HKEY_CLASSES_ROOT\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e15e1d68-0d1c-49f7-beb8-812b1e00fa60}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\DragExt64.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Sharing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\more.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\more.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll\(Default)
HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\OverrideFileSystemProperties
HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_CLASSES_ROOT\ExplorerCLSIDFlags\{66742402-F9B9-11D1-A202-0000F81FEDEE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.mui
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\.tmp
HKEY_CLASSES_ROOT\.tmp\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp
HKEY_CLASSES_ROOT\SystemFileAssociations\.tmp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.tmp
HKEY_CLASSES_ROOT\.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\(Default)
HKEY_CLASSES_ROOT\.dat\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\NeverShowExt
HKEY_CLASSES_ROOT\.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\(Default)
HKEY_CLASSES_ROOT\.ini\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice
HKEY_CLASSES_ROOT\inifile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\PerceivedType
HKEY_CLASSES_ROOT\SystemFileAssociations\text
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\(Default)
HKEY_CLASSES_ROOT\.DLL\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DLL\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DLL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DLL\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DLL\UserChoice
HKEY_CLASSES_ROOT\SystemFileAssociations\.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.DLL\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.bat\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice
HKEY_CLASSES_ROOT\batfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\(Default)
HKEY_CLASSES_ROOT\.txt\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice
HKEY_CLASSES_ROOT\txtfile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\.log
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\(Default)
HKEY_CLASSES_ROOT\.log\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice
HKEY_CLASSES_ROOT\SystemFileAssociations\.log
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\Content Type
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.log
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\.
HKEY_CLASSES_ROOT\.\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\UserChoice
HKEY_CLASSES_ROOT\SystemFileAssociations\.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.
HKEY_CLASSES_ROOT\.feedsdb-ms
HKEY_CLASSES_ROOT\.feedsdb-ms\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.feedsdb-ms\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.feedsdb-ms
HKEY_CLASSES_ROOT\SystemFileAssociations\.feedsdb-ms
HKEY_CLASSES_ROOT\.feed-ms
HKEY_CLASSES_ROOT\.feed-ms\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.feed-ms\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.feed-ms
HKEY_CLASSES_ROOT\SystemFileAssociations\.feed-ms
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.feedsdb-ms
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.feed-ms
HKEY_CLASSES_ROOT\.microsoft[1]
HKEY_CLASSES_ROOT\.microsoft[1]\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.microsoft[1]\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.microsoft[1]
HKEY_CLASSES_ROOT\SystemFileAssociations\.microsoft[1]

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\WMIC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultTTL
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\WHQLClass
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001\HwProfileGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Dhcpv6DUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\ComputerHardwareId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\ComputerHardwareIds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildGUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\_DriverProviderInfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverGUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\WinSCPCopyHook\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.DLL\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.DLL\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.DLL\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.txt\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log\Content Type

修改的注册表键

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001\HwProfileGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Dhcpv6DUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\WinSqmFirstSessionStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildGUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0006\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0010\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\NetworkInterfaceInstallTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation\ProductActivationTime

删除的注册表键

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\Data\SMBiosData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\LastEnum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0006\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0010\NetworkAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\NetworkAddress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\BackupProductKeyDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\actionlist
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\ServiceSessionId

API解析

cryptbase.dll.SystemFunction036
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.GetLongPathNameW
ole32.dll.StringFromGUID2
advapi32.dll.OpenThreadToken
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
comctl32.dll.#328
comctl32.dll.#334
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
ole32.dll.CoCreateInstance
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
advapi32.dll.SaferIdentifyLevel
advapi32.dll.SaferComputeTokenFromLevel
advapi32.dll.SaferCloseLevel
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
kernel32.dll.GetModuleHandleW
urlmon.dll.DllCanUnloadNow
urlmon.dll.IEDllLoader
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetGetSession
urlmon.dll.CopyBindInfo
urlmon.dll.CreateURLMoniker
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.ReleaseBindInfo
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.UrlMkGetSessionOption
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CreateUri
urlmon.dll.CoInternetCombineUrl
urlmon.dll.CoInternetGetSecurityUrl
urlmon.dll.IsValidURL
wininet.dll.InternetCrackUrlW
wininet.dll.InternetCreateUrlW
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.HeapSetInformation
msoxmlmf.dll.DllGetClassObject
msoxmlmf.dll.DllCanUnloadNow
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetSystemDefaultLocaleName
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
oleaut32.dll.#283
oleaut32.dll.#284
kernel32.dll.RegOpenKeyExW
wmi2xml.dll.OpenWbemTextSource
wmi2xml.dll.CloseWbemTextSource
wmi2xml.dll.WbemObjectToText
wmi2xml.dll.TextToWbemObject
kernel32.dll.RegCloseKey
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueW
oleaut32.dll.#500
ntdll.dll.EtwUnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
kernel32.dll.GetProcAddress
kernel32.dll.GetTickCount
kernel32.dll.GetCurrentProcess
kernel32.dll.SetFileAttributesW
kernel32.dll.LoadLibraryW
kernel32.dll.DeleteFileW
kernel32.dll.LocalFree
kernel32.dll.WriteConsoleW
kernel32.dll.HeapReAlloc
kernel32.dll.CloseHandle
kernel32.dll.Process32FirstW
kernel32.dll.Process32NextW
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.OpenProcess
kernel32.dll.CreateFileW
kernel32.dll.FindClose
kernel32.dll.GetTempPathW
kernel32.dll.SetFilePointer
kernel32.dll.TerminateProcess
kernel32.dll.WriteFile
kernel32.dll.FindNextFileW
kernel32.dll.FindFirstFileW
kernel32.dll.GetLogicalDrives
kernel32.dll.GetLastError
kernel32.dll.ReadFile
kernel32.dll.HeapSize
kernel32.dll.GetTimeZoneInformation
kernel32.dll.SetFilePointerEx
kernel32.dll.GetFileSizeEx
kernel32.dll.GetConsoleMode
kernel32.dll.GetConsoleCP
kernel32.dll.FlushFileBuffers
kernel32.dll.GetProcessHeap
kernel32.dll.RtlCaptureContext
kernel32.dll.RtlLookupFunctionEntry
kernel32.dll.RtlVirtualUnwind
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.InitializeSListHead
kernel32.dll.GetStartupInfoW
kernel32.dll.RtlUnwindEx
kernel32.dll.SetLastError
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.DeleteCriticalSection
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.TlsAlloc
kernel32.dll.TlsGetValue
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.FreeLibrary
kernel32.dll.LoadLibraryExW
kernel32.dll.RaiseException
kernel32.dll.ExitProcess
kernel32.dll.GetModuleHandleExW
kernel32.dll.GetStdHandle
kernel32.dll.GetModuleFileNameW
kernel32.dll.HeapAlloc
kernel32.dll.HeapFree
kernel32.dll.CompareStringW
kernel32.dll.LCMapStringW
kernel32.dll.GetFileType
kernel32.dll.WaitForSingleObject
kernel32.dll.GetExitCodeProcess
kernel32.dll.CreateProcessW
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetStringTypeW
kernel32.dll.FindFirstFileExW
kernel32.dll.IsValidCodePage
kernel32.dll.GetACP
kernel32.dll.GetOEMCP
kernel32.dll.GetCPInfo
kernel32.dll.GetCommandLineA
kernel32.dll.GetCommandLineW
kernel32.dll.MultiByteToWideChar
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.SetEnvironmentVariableW
kernel32.dll.SetStdHandle
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.RegCreateKeyExW
advapi32.dll.SetNamedSecurityInfoW
advapi32.dll.RegSetValueExW
advapi32.dll.OpenProcessToken
advapi32.dll.FreeSid
advapi32.dll.RegCopyTreeW
advapi32.dll.RegCreateKeyW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegOpenKeyExW
shell32.dll.SHGetFolderPathW
shell32.dll.SHFileOperationW
shlwapi.dll.PathFileExistsW
shlwapi.dll.SHDeleteKeyW
shlwapi.dll.SHDeleteValueW
shlwapi.dll.StrStrW
user32.dll.wsprintfW
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.AreFileApisANSI
ntdll.dll.NtQueryKey
oleaut32.dll.#200
comctl32.dll.#385
propsys.dll.PSLookupPropertyHandlerCLSID
propsys.dll.PSCreatePropertyStoreFromObject
propsys.dll.#417
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
propsys.dll.PropVariantToBoolean
propsys.dll.VariantToUInt64
oleaut32.dll.#9
propsys.dll.PropVariantToVariant
propsys.dll.InitPropVariantFromBuffer
propsys.dll.PropVariantToBuffer
apphelp.dll.ApphelpCheckShellObject
ole32.dll.CoTaskMemRealloc
shell32.dll.#66
advapi32.dll.GetNamedSecurityInfoW
sechost.dll.ConvertStringSidToSidW
netutils.dll.NetApiBufferFree
propsys.dll.PropVariantToUInt64
comctl32.dll.#387
comctl32.dll.#327
ntdll.dll.RtlDllShutdownInProgress
comctl32.dll.#329
comctl32.dll.#388
ole32.dll.CoRevokeInitializeSpy
advapi32.dll.CreateWellKnownSid
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall3
rpcrt4.dll.RpcBindingFree