魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
URL	2018-05-21 15:52:05	2018-05-21 15:54:26	141 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp01-3	win7-sp1-x64-shaapp01-3	KVM	2018-05-21 15:52:05	2018-05-21 15:54:23

魔盾分数
2.45 可疑的

URL信息

URL

http://www.m515.net

VirusTotal

VirusTotal链接
VirusTotal扫描时间: 2018-04-30 03:59:33
扫描结果: 3/67 (展开)

防病毒引擎	结果
ADMINUSLabs	Clean Site
AegisLab WebGuard	Clean Site
AlienVault	Clean Site
Antiy-AVL	Clean Site
AutoShun	Unrated Site
Avira	Clean Site
Baidu-International	Clean Site
BitDefender	Clean Site
Blueliv	Clean Site
C-SIRT	Clean Site
Certly	Clean Site
CLEAN MX	Clean Site
Comodo Site Inspector	Clean Site
CyberCrime	Clean Site
CyRadar	Clean Site
desenmascara_me	Clean Site
DNS8	Clean Site
Dr_Web	Clean Site
Emsisoft	Clean Site
ESET	Clean Site
Forcepoint ThreatSeeker	Unrated Site
Fortinet	Malware Site
FraudScore	Clean Site
FraudSense	Clean Site
G-Data	Clean Site
Google Safebrowsing	Malware Site
K7AntiVirus	Clean Site
Kaspersky	Unrated Site
Malc0de Database	Clean Site
Malekal	Clean Site
Malware Domain Blocklist	Clean Site
Malwarebytes hpHosts	Clean Site
Malwared	Clean Site
MalwareDomainList	Clean Site
MalwarePatrol	Clean Site
malwares_com URL checker	Clean Site
Netcraft	Unrated Site
NotMining	Unrated Site
Nucleon	Clean Site
OpenPhish	Clean Site
Opera	Clean Site
PhishLabs	Unrated Site
Phishtank	Clean Site
Quttera	Clean Site
Rising	Clean Site
SCUMWARE_org	Clean Site
SecureBrain	Clean Site
securolytics	Clean Site
Sophos	Malicious Site
Spam404	Clean Site
StopBadware	Unrated Site
Sucuri SiteCheck	Clean Site
Tencent	Clean Site
ThreatHive	Clean Site
Trustwave	Clean Site
URLQuery	Unrated Site
Virusdie External Site Scan	Clean Site
VX Vault	Clean Site
Web Security Guard	Clean Site
Webutation	Clean Site
Yandex Safebrowsing	Clean Site
ZCloudsec	Clean Site
ZDB Zeus	Clean Site
ZeroCERT	Clean Site
Zerofox	Clean Site
ZeusTracker	Clean Site
zvelo	Clean Site

特征

投放了一个或多个文件

file: c:\users\test\appdata\local\microsoft\feeds cache\index.dat

URL已被至少一个VirusTotal上的反病毒引擎检测为病毒

Google Safebrowsing: malware site

Sophos: malicious site

Fortinet: malware site

魔盾wping.org 域名信誉系统

Greylist: s19.cnzz.com

Greylist: js.users.51.la

Greylist: z8.cnzz.com

Greylist: c.cnzz.com

Greylist: ia.51.la

运行截图

网络分析

访问主机记录

直接访问	IP地址	国家名
否	117.21.219.106	China
否	122.227.164.214	China
否	14.17.102.107	China
否	140.205.136.1	China
否	180.97.66.49	China
否	183.131.207.78	China
否	220.181.7.190	China
否	221.229.196.24	China
否	58.218.215.188	China

域名解析

域名	响应
www.m515.net	A 221.229.196.24
apps.bdimg.com	CNAME apps.bdimg.jomodns.com A 180.97.66.49
static.yunaq.com	A 117.21.219.106 A 117.21.219.105
s19.cnzz.com	A 58.218.215.188 A 122.228.95.178 A 222.186.49.224 CNAME c.cnzz.com A 117.71.17.64 A 122.227.164.214 CNAME all.cnzz.com.danuoyi.tbcache.com
js.users.51.la	A 112.90.153.42 A 112.90.153.41 A 14.17.102.107 A 42.236.74.213 A 14.17.102.106 A 42.236.74.246 A 42.236.74.247
ocsp.globalsign.com	A 180.101.217.164 CNAME globalsign.com.cdn.dnsv1.com CNAME globalsign.com.s2.cdntip.com A 58.216.107.33 A 221.228.219.30 A 58.216.106.164 A 221.228.219.33 CNAME global.prd.cdn.globalsign.com A 221.228.219.32 A 180.101.217.163 A 180.101.217.160 A 180.101.217.161 A 221.228.218.163 A 58.216.106.163 A 58.216.107.34 A 221.228.218.164
z8.cnzz.com	A 140.205.60.79 CNAME z.cnzz.com A 140.205.158.4 A 140.205.136.1 A 140.205.218.72 A 140.205.61.85 CNAME z.gds.cnzz.com A 140.205.218.67
c.cnzz.com
ia.51.la	A 183.131.207.78 CNAME d2cb5ad7002c4066.huaweisafedns.com
hm.baidu.com	CNAME hm.e.shifen.com A 220.181.7.190

TCP连接

IP地址	端口
117.21.219.106	80
117.21.219.106	80
122.227.164.214	443
14.17.102.107	443
140.205.136.1	443
180.97.66.49	80
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
221.228.219.32	80
221.228.219.32	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
221.229.196.24	80
23.35.216.147	80
58.216.107.33	80
58.216.107.33	80
58.218.215.188	443

UDP连接

IP地址	端口
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://www.m515.net/	GET / HTTP/1.1 Accept: / Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=25&ved=0CCEQfjSmlGZ2x1WHpzenhHZFBu&url=http%3A%2F%2Fwww.m515.net&ei=cUdJWU5zcEdUWmV1&usg=AFQjcFFneVdXRmVWeWFq Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/plus/ad_js.php?aid=33	GET /plus/ad_js.php?aid=33 HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/plus/ad_js.php?aid=32	GET /plus/ad_js.php?aid=32 HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://apps.bdimg.com/libs/jquery/1.10.2/jquery.min.js	GET /libs/jquery/1.10.2/jquery.min.js HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: apps.bdimg.com Connection: Keep-Alive
http://www.m515.net/skin/images/logo.png	GET /skin/images/logo.png HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180417/1-1P41FU429350-lp.jpg	GET /uploads/allimg/180417/1-1P41FU429350-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180422/1-1P4220230214R-lp.jpg	GET /uploads/allimg/180422/1-1P4220230214R-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180510/1-1P510211U5L6-lp.jpg	GET /uploads/allimg/180510/1-1P510211U5L6-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180502/1-1P502015104127-lp.jpg	GET /uploads/allimg/180502/1-1P502015104127-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180420/1-1P420010523255-lp.jpg	GET /uploads/allimg/180420/1-1P420010523255-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://www.m515.net/uploads/allimg/180422/1-1P422023524R6-lp.jpg	GET /uploads/allimg/180422/1-1P422023524R6-lp.jpg HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.m515.net Connection: Keep-Alive
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH	GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g	GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com
http://ocsp2.globalsign.com/gsdomainvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CDDiWzNnGaYzcF90Uxg%3D%3D	GET /gsdomainvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CDDiWzNnGaYzcF90Uxg%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGxjRxAlYW3DKTBxjg%3D%3D	GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGxjRxAlYW3DKTBxjg%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com
http://static.yunaq.com/static/js/stat/picture_stat.js	GET /static/js/stat/picture_stat.js HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: static.yunaq.com Connection: Keep-Alive
http://static.yunaq.com/static/images/stat/stat.png?v=20160429	GET /static/images/stat/stat.png?v=20160429 HTTP/1.1 Accept: / Referer: http://www.m515.net/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: static.yunaq.com Connection: Keep-Alive Cookie: __jsluid=5f796b756ed760d8e6a8dd71f15f18e7
http://www.m515.net/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.m515.net Connection: Keep-Alive Cookie: UM_distinctid=163834a44b81f8-0e49cf914cdcc48-26596859-75300-163834a44c75c0; CNZZDATA1272900960=408836877-1526883813-%7C1526883813; __tins__19400267=%7B%22sid%22%3A%201526917262011%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201526919062011%7D; __51cke__=; __51laig__=1
http://crl.microsoft.com/pki/crl/products/tspca.crl	GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com

ICMP请求

源地址	目标地址	ICMP类型	ICMP数据
192.168.122.203	192.168.122.1	3

投放文件

index.dat

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 bytes
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
SHA512	101bdb7178e031b1fbd78d595d778d06174749246cdcb70eb4b92af534910e30e0627147260ec319bccecf7a105c814b6b32c077a777fb5e90bd1459c78dcdf9
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
VirusTotal	搜索相关分析

picture_stat[1].js

文件名	picture_stat[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\picture_stat[1].js
文件大小	399 bytes
文件类型	UTF-8 Unicode text
MD5	fb1f0ac03639a7ac166c2c59b3ce093a
SHA1	d8a05667be467132bbfe5784a5c8d0a3ff8004ac
SHA256	ec36bc7f5040a3dce8f91248ddb1ee59558d87b7c34a301fa87a111d0e90904e
SHA512	17873b5d63dc07d3d179f1a7714c922260bc9e3b510554234f865cf59f889d355b147abb9f58f70115dcbc2d54bb80120991280a713f835951d32cae7514d859
Ssdeep	12:ifTsWq6iRDRRNz6iYA6iYZ5ysfWq6iLSzCaiDgV2nX46Fvsz7:ETsWq60RRNz6k6VLysfWq67iDPo6M
Yara	without_urls (Rule to detect the no presence of any url) without_attachments (Rule to detect the no presence of any attachment) with_images (Rule to detect the presence of an or several images)
VirusTotal	搜索相关分析

ad_js[1].php

文件名	ad_js[1].php
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[1].php C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[2].php
文件大小	32 bytes
文件类型	exported SGML document, ASCII text, with CRLF line terminators
MD5	662d3bf4a39234da1e9714a350c31f8f
SHA1	2eee4ccf9f984da8e17703857d6b1bda8ef30350
SHA256	84eee95910ac24e335eebe020f908d0f310ff42076fe7cf512e18929b98ce76c
SHA512	a490bfdfb5726c9ac78c58f161cbf136aed1c429ed4194bc68187ada83f334681eb9fb51859a86cd18fd6e833eed8f18e398fb61190c43fefb32a0fd3bd673c8
Ssdeep	3:j7KH9LRmcsgQfv:yH9L/6v
VirusTotal	搜索相关分析

stat[1].png

文件名	stat[1].png
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\stat[1].png
文件大小	5670 bytes
文件类型	PNG image data, 126 x 48, 8-bit/color RGBA, non-interlaced
MD5	b90ac7637a88abda7c1a1bdc044e1322
SHA1	a469148fb31ea3fecc9989d2198d81581d6a25aa
SHA256	f6487fefa9ea4004636509bf6d0070a5b8b91e28ae9ca17c56c2f9c91a96b449
SHA512	fd00d5847e0cf44fd8d72dee63d6a3e070cac1d58b4fb91d20c0efe2faeb7132d83608055779b1090b98831bd739a708f05112dc1be07d336c016f8174659f39
Ssdeep	96:nBpEbrzATL3K9T0UeboAd9nJOS4pSA6RYe6F/oIfD:6AnjPnJOSyQYd/7D
VirusTotal	搜索相关分析

1-1P4220230214R-lp[1].jpg

文件名	1-1P4220230214R-lp[1].jpg
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P4220230214R-lp[1].jpg
文件大小	11137 bytes
文件类型	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 128x180, frames 3
MD5	c3ef2fff5d80688d11d1517be9309acb
SHA1	4bc44428b240822b1526409c7b5352d461cdf1c1
SHA256	693fca1726825a72fbaee281c0829994fcd1c9fa0e96715023f98388ea1b55a9
SHA512	480bd6ca7b213c35a789df272cca87f4114d97a8be915cd9a810fce66076c240c68d64fae5a7b211322593879dacc1b616105962da2143b1331a6499c2a9a5c9
Ssdeep	192:ukmXJ1Cb6Ssmb9NoY90d2phnQrFHGQZdq7VMoXF7QTb0eHrluEmSGbpbPGea+rUY:uWdbN0d2QVGSfWFIbnI1/FG1+v
VirusTotal	搜索相关分析

index.dat

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\index.dat
文件大小	32768 bytes
文件类型	Internet Explorer cache file version Ver 5.2
MD5	60a0d8fa3fb681bc0b07348bfb3735fa
SHA1	4685cce9c904955bd625740a9a2cf380d61fc214
SHA256	d073885a560c473d7f164bed165a778bd7e83523c495b28341e816bd0854ca40
SHA512	afaf28c2ac00b18aa37c6e1e929cb35890bd7bc3b0615f66a386673b8dabe9827d916610585abbdd61837f38d3510d2d292ddf41d653776784baffe67f971bdb
Ssdeep	6:qjyxXKPTN3E+xfgXhFc9XBij4Em3E+xUFc9XBiD:qjRPZ3E+eXTc1Bio3E+mc1Bi
VirusTotal	搜索相关分析

MSIMGSIZ.DAT

文件名	MSIMGSIZ.DAT
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
文件大小	16384 bytes
文件类型	data
MD5	d88fd90ae6f516729e590ccd7652f697
SHA1	bf3348067949d682ae6f56d60918f572f06be007
SHA256	1fa7254754f194898c31468deab97521fc7fb7406e11e5443a13f33083e80d3f
SHA512	3c2f72fdab5954559e45cffbd2faf8db3f1ca2daf85e7909a8e3eae28fe909ec1b80444b012e9c59ad770b8a7504501039617cd54a9de404ef612711d9c4bf01
Ssdeep	48:jGQhN7sXHWrVmqESaakad5PIy+9/8Jr0VjdS6gPdp4z7el:CBXHbbSrka5PIL8yJdcPUz76
VirusTotal	搜索相关分析

RecoveryStore.{DAC4C063-5CCB-11E8-AF8E-525400B07C72}.dat

文件名	RecoveryStore.{DAC4C063-5CCB-11E8-AF8E-525400B07C72}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAC4C063-5CCB-11E8-AF8E-525400B07C72}.dat
文件大小	3584 bytes
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	3bf42e054cffc2b749afe4a530e5e3a8
SHA1	9ef0ded9f81eefbe90eac80ab55cc706af1e1275
SHA256	3db2d3088ce58cabe577f71965b980196a2f24a288955e3083f3a40f10618599
SHA512	97b9657af59414b52609ac20fdaef6425bed5ffb24efbe47f646cc8e02f78d599aea13b76da484155c8c14c3815430cdea4f538bd893489adca46a21a6130b4f
Ssdeep	12:rl0YmGF22WrEg5+IaCrI017+FCDrEgmf+IaCy8qgQNlTqo:rIh5/lGv/TQNlWo
VirusTotal	搜索相关分析

index.dat

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 bytes
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1	a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256	bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
SHA512	126b0b6063509b59a2af9fe58d96ea741b3316af252b309000ab14b014dddde0b7bffbd9042bd2ce2194d3294677ae82c5470b8503470102b1b912f8ca309b9d
Ssdeep	384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
VirusTotal	搜索相关分析

19400267[1].js

文件名	19400267[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\19400267[1].js
文件大小	5209 bytes
文件类型	HTML document, ASCII text, with very long lines, with no line terminators
MD5	0c0a97e83afbb627e25202cb7569625b
SHA1	c2941a1d42675b5400b2cd89264d806d1ff446ee
SHA256	a42138f74622e795e0231f88dbbbc94f34fc7f6cd1adbcb5088fbb5368937cfb
SHA512	c5d3f0d15d7b8b913e5005024080ab7116c86f6491dec47866131df209e42b462068abd603d1950d240fee075131fc2efa3bb0020ee211d9d076fde6ef33577c
Ssdeep	96:AyHmPg4EY5Qc1dnqW7aUWp36QXiWgQ95qEIopwm3B5fXOiDgCQgeKrmpj:vmPZEY+cRpeUS36QXiWL5jfpwQXOiDgT
Yara	with_urls (Rule to detect the presence of an or several urls) without_attachments (Rule to detect the no presence of any attachment) without_images (Rule to detect the no presence of any image)
VirusTotal	搜索相关分析

index.dat

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
文件大小	262144 bytes
文件类型	Internet Explorer cache file version Ver 5.2
MD5	fbe6ba880d1f6cadfd771536120f2c73
SHA1	34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256	a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
SHA512	6a28d50bc6feeee26b35f014de7c8462d584bea98e9d6c97ebcedd2f22af71c4006cac55583161f4b6e25ad6e7f44f067b3f983113e078104f27ec02b1a4d0ab
Ssdeep	768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi
VirusTotal	搜索相关分析

1-1P41FU429350-lp[1].jpg

文件名	1-1P41FU429350-lp[1].jpg
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P41FU429350-lp[1].jpg
文件大小	9000 bytes
文件类型	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 121x180, frames 3
MD5	11d661814d8ef818b86f18c949f93f9c
SHA1	62c55dffa4c93252143c3ee16ec58265242dbed4
SHA256	2c4c4b5562786eb5fc80ac9de0307e98610fd2915835771d85f6188d551c201a
SHA512	fcb21355012d969955ce67b257949e8b46302536bfdf1dc4ef1f15138423733d5366fa8214ac5d14f17d9de318828aac9c94f6019ffea12d3b0e6a563bb7e000
Ssdeep	192:L2snA3rl91SClRnwuGufzjl7uei5Vf8tgDy49StbdBhnb:L2L355lRnwuGqzJ7JM8tSyuSDBlb
VirusTotal	搜索相关分析

BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245

文件名	BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
文件大小	528 bytes
文件类型	data
MD5	75e94d1bb5e3bcea13ffdb0364c7d356
SHA1	ca57f96de34d2e74ffcf87cc829fea8b026d7d54
SHA256	5f61c6c2447e08d53e72543771ad30e34b05e3994c11a2e54a871e511e982642
SHA512	a38f5ce85ce8fa98201e667ce38e82305a885b910f4457f2df5f5204a8697141ea023ac6b27bcf367856869110159204e19918aa3bbe905add18b9aab0a35e00
Ssdeep	12:6Rp/RvjJWzfbMDC3bgLzK8sFllnkFIn8DYRwwWg1em7voMGdmXiQtla8N:63hJgoe3ELmvaQ8DOt/1em7j2y
VirusTotal	搜索相关分析

ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
文件大小	1517 bytes
文件类型	data
MD5	b7c2103b168868b319df7b38cf8c1ad2
SHA1	a25c4949cb5ab966adba71bfe3961465117a8665
SHA256	fe591c69a387dc4ad7a64ece94d10e02c6f913ffe58cbdf78d10234a2290aa07
SHA512	f93639cf9201f7b7f6a0384c155ec53352fe3d5aea7dea91091c00aff50ac5416892f2b539fa891a96c72f4b0a60ea7142c141bf1e7fe2a61d1935ec63b579f9
Ssdeep	24:IOmECmaY+G6jdJHkZdWm4i45aTccuH/bNs7EuPPw4FcKaHTKruWl0yVgSp2hWFiW:I06jDY1LwcuH/bNgEuH1FJaHTGuUg1xW
VirusTotal	搜索相关分析

1-1P502015104127-lp[1].jpg

文件名	1-1P502015104127-lp[1].jpg
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P502015104127-lp[1].jpg
文件大小	10783 bytes
文件类型	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 128x180, frames 3
MD5	6342d187556a55ba422f86b337ea6b01
SHA1	5e7a510cb253532d590f4c2c8162f90497d48b44
SHA256	7c582fe664fb916493b74853dc3c9f592d0c0bb88d9862dafc916cd5a64ee639
SHA512	bc2d27cca6e32a33124bd8bc2b7fe72f77b67c0d0306a621644cb8cd529b89583b791d884cc1cb646bcec22a626e5de00c7a0b50bdca39dac550a54e49abee9f
Ssdeep	192:ufifEgadSOcO5Etem6rIxcV5Se29CZK47RJab2oqmYd3glunHWqaB8mssc1Gd:ufif3a0OcO7mvxCH6CZKqPoq5Ql223B9
VirusTotal	搜索相关分析

A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31

文件名	A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
文件大小	532 bytes
文件类型	data
MD5	939b2a119ff1bb7a3d3c8238b8f0684c
SHA1	f30d5f42dec33dfb490d9c336aed59265bd6fb82
SHA256	68641f2cde49859ded8501a645cad680518ae528b1bde6c59019ab81d00c6bcf
SHA512	f46fcfdede7910f2b080ed77092f15dd3e89ab92ca97ad4fb2b8ff8197cb1a8b9a90025a5c4486a54c477f7f8d6266fbeafa9587c85dc991a61120962f9847b4
Ssdeep	12:tbndTbPJWzf8ClDC3bgLzK8sFFyOJQlUsyrMHCDw:BFJgEme3ELmvPyOJQ6QHCDw
VirusTotal	搜索相关分析

ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
文件大小	492 bytes
文件类型	data
MD5	a3f8becde3d7e9afe8d8abd404060a94
SHA1	ebf44c969b55d41264aaa99c2025e15be01a23e6
SHA256	b95cf9e4fbd2013a2126cf0e7fbea199e46f3ed28536dbd377292446311db49f
SHA512	ff96e89c703be2dd7b8e9e03a62227f12066ab57db6b93ff6e511d21876ff9c713061e7a2d4b6e1c593bf05bcea887e7bd6a331bca956fece7afb193d8412818
Ssdeep	12:/Uimtb/l7DWzF0Y1oOkksFyR7uE9SsAUOlJCccxmv/:/ful7DgF0WoLnYRd8JUKYcdX
VirusTotal	搜索相关分析

jquery.min[1].js

文件名	jquery.min[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\jquery.min[1].js
文件大小	93106 bytes
文件类型	ASCII text, with very long lines, with CRLF line terminators
MD5	e39d7f174407886a84c437f14182e57a
SHA1	77e9eed704c96c3eb0180d35c6ba430b3f69a43a
SHA256	c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9
SHA512	3e153156a11b21a66500b592b574bc2e2ebddd41014216177c0c2d5e6b31f2d0a742f68899527dbae47309df2922f81544450f73e3e2981c88cd9ecae0c570e7
Ssdeep	1536:Z4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RAfDknv+p0WzH/Io9Z7qABZnu0sFy:ZGsKXAI2p0WP9bDrstfa5
Yara	without_urls (Rule to detect the no presence of any url) without_attachments (Rule to detect the no presence of any attachment) without_images (Rule to detect the no presence of any image)
VirusTotal	搜索相关分析

{DAC4C064-5CCB-11E8-AF8E-525400B07C72}.dat

文件名	{DAC4C064-5CCB-11E8-AF8E-525400B07C72}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAC4C064-5CCB-11E8-AF8E-525400B07C72}.dat
文件大小	5120 bytes
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	34e81937118f8fa6f5a44a43f91a081b
SHA1	95b8b58828813d009af5291c0b9f2e0e199b28fb
SHA256	ae53188942cd51c8994ed12b865e9743aedb8b8456a41721762bea6a2d8194e4
SHA512	ccaad6bc23e805256584d410b1cc881124c321dffe8de0847aa1ecac7475ec1a923425c712ba4a519bc8a972dfc777714f04673347b39c78c0eb48838b5637bf
Ssdeep	24:rIB6GuO+Xwj+XJ+XA+X6LrFuNlVo7+XzNlVo7+XHq+Xp+XD0Zv:rW6Gw0oSowC0Zv
VirusTotal	搜索相关分析

A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31

文件名	A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
文件大小	1570 bytes
文件类型	data
MD5	3de786d2489966528b4feee9806992e9
SHA1	b11aecb9a8cf7bf1e9eed9528e565982d816d311
SHA256	b96a6dff80a116e15b07f045dc801f182fc3ba9e3200d835090b5848ccacb960
SHA512	24d523d48f60cfca05a5769e5a8e2afa92d1b93531c2beb70b7daedfbe87f44a0ebf10414c3dd3597925c8e0051b2458914186817156b2643c9ec7d9b85a9e29
Ssdeep	24:CtNUUqXWlFTEUAxEk7HXABK76KBgY6kZ9qBeeCpXsAxOsYPMrIpOhZO/K5Gtat:QCUaWlBEr2GwBCdfjSwIpOhs/Rot
VirusTotal	搜索相关分析

ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
文件大小	1517 bytes
文件类型	data
MD5	c7c8f24032d25b380e3e7d2897a7fe83
SHA1	7cfd56627510f1fc18eb31989c721cabf8d5dcf3
SHA256	e1d3a41cc637d6dedb1032c9b7c7f55a08462fdd0704a20bb561f4d6c3a42c2b
SHA512	8c62b8964c4fa276ba9ff9c3ad27a37e23d6158dbf77803bcb174dea8504acddcd52597c0dbb0d9c18c3118b25f3324df53af330bdd0602e6a89ce54f3dfbfe0
Ssdeep	24:I3aEVli4zYK2xVVTccuH/bNs7EuPPw4FcKaHTKruWl0yVgSp2hWFionwIcC:REVliLZVVwcuH/bNgEuH1FJaHTGuUg1U
VirusTotal	搜索相关分析

BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245

文件名	BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
文件大小	1558 bytes
文件类型	data
MD5	e6d7d67b7e99977fc95834a984138e66
SHA1	785d67d10e328a294203652db69687a3e7557b76
SHA256	796e0ac5c5a8beacb2d72406ec53bcdbcdd6029df647a6dea8d7ecfd63c8f80a
SHA512	4e29b50f26bfc557480c0b4e8786a9d4ea6934eb6bdd07e960338dce3cde29cef12058e1b75103deab5c41b7cdbd25dec98a42093d34f3ce475ec6e6dbdd7e55
Ssdeep	24:fJ6uADmhC2jEWYobQRWTB1n+xiBK7wcTJTdzVKphnKXMrIUrGG+:fJ6x+FGXRG+0BCVJTh0SwIDG+
VirusTotal	搜索相关分析

ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
文件大小	492 bytes
文件类型	data
MD5	510180d89bc0dca0aa5cb3abdb8ecc02
SHA1	16008df2ecfb3e06754b88db817009a10f05bf55
SHA256	1326790892cc7d437dc93b4d8386c5ac07ab2d082897c9a60bcdd72006ab9937
SHA512	c5d898040e39b67fa0bb45496892056869e0640bd01703db193601685f083cbe9f1554db96697eb09f0b057833e24f5819a5233ec22220b864e8e064589c7d7e
Ssdeep	12:TI7nl7B5TJN7DWzF0Y1oOkksFyR7uE9SsAUOlJCwldSz:cB1N7DgF0WoLnYRd8JUKYD
VirusTotal	搜索相关分析

favicon[1].png

文件名	favicon[1].png
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].png
文件大小	1323 bytes
文件类型	PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
MD5	ec8de87228fdfac519fc309413f2a20e
SHA1	f1bd01c951fc4b168378ecc5a5682c63e37e1b9b
SHA256	bd878f1241770f93b23333eefb17fffb35727de1c1aaf9e9c746a09c60db103b
SHA512	753a54e0c3416571cd51dab43a98e21a68fd8bf7886ea636f41d4cadfd50e294d82d0db4cf791b43aaf995bb6ceaac7fc769ac8045378edbcf073d3a2bde3bce
Ssdeep	24:gjrPhFoVhSlkKN2tKTakP4pSGLAUTUa8M2f7I3Z8uZIQyvZN7MBHtv+ES:gjrhQSllkt7kQpSaTUTM2cJ8Q0YBzS
VirusTotal	搜索相关分析

z_stat[1].php

文件名	z_stat[1].php
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\z_stat[1].php
文件大小	10995 bytes
文件类型	ASCII text, with very long lines
MD5	eb5f90c00e8be48eeaf919799c48ff55
SHA1	b80a9ba67be2bd05573b7e8e8b6665cba3bec12a
SHA256	9d0d718c0c160eb5ef4ca8644de1baaa8c3a6eee35e057424a042bb91a4eddd7
SHA512	704684366b25297f88ff9ffa0cc357c98bfc9b31c43f3e3256c7ada6f5d4cc32b7595daf3a74453d4cd4442647f69da847e79e6c1f8a79846d78d8c5268b5c8f
Ssdeep	192:ffjkVCOu7xxgsoyHijK/Va2mdhlOepSDg9RA25ywADwDPL+Whu76BA3W:ffjkVCOu7rho6LVafOi9KeVLf86BA3W
VirusTotal	搜索相关分析

core[1].php

文件名	core[1].php
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\core[1].php
文件大小	764 bytes
文件类型	HTML document, ASCII text, with very long lines, with no line terminators
MD5	734c05e26dfb083e7f1f00417a6e7f00
SHA1	86745882b2c956cce753e99f6234587d43dbf101
SHA256	a34a4948d1cd012fbd95d9d695892e4b8d72d62e34523397c6baf6496f4b17e0
SHA512	e1631b64a24c45efd236f084e932ee4208132da773c9693ce2e6049f2e28aa9b48c2fd5d321f7ecdaf6444892d237022456d6442f5e6ea11440900c61d8ef45d
Ssdeep	12:cRqC5YAaTbv2hgWcnQOJRGmN+La5+yIx7Gu2LB2o1wNJ/lgzVjuXiVcELnPXerTW:cRqC6AYL/WOqClCp2LBZ18pyBVNjPcTW
VirusTotal	搜索相关分析

logo[1].png

文件名	logo[1].png
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\logo[1].png
文件大小	21574 bytes
文件类型	PNG image data, 250 x 100, 8-bit/color RGBA, non-interlaced
MD5	2187c3a8f62c1c01dbbc4bbd449bab0a
SHA1	6d9c9b175533f6c7e19623a7c342d636c57612ae
SHA256	9fff3071d93f6b378ab58246d2238927d36c8eb8d667dd56251afaf32bcf1192
SHA512	9866370fc122459c7728bea01e35814fcbea048adb2d3029ef66fc69c61c5cedeaae10a4821e3ef5a8a4da7054b572d39b9e38e75dc99f8e4f2412f1f394dc61
Ssdeep	192:MkIGZ+MA5EBCHaYMHf1qXaOcEBv9HAK1hEfc1i:fIGQ5EBCHLyMXaaLHAI1i
VirusTotal	搜索相关分析

1-1P510211U5L6-lp[1].jpg

文件名	1-1P510211U5L6-lp[1].jpg
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P510211U5L6-lp[1].jpg
文件大小	11776 bytes
文件类型	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 128x180, frames 3
MD5	060fd9249bf3690fcf9467c3807d0ca0
SHA1	111dd69b3452986de90b2e4889c01cc3c49e37e4
SHA256	8290afbf4aa1672fb0be7c709f67a220e284b78d660f4904d19ece23b7932d0b
SHA512	be0e1130440fa906f73d84fa893ae8cb646b4e2be6df5d8eb03d7bae1638329441aab3b0543568849fecccf8f880e276b95029851028e139c3823eaeb9f2ed93
Ssdeep	192:u8l0D8YKvaVR1D8CSJDdBPqawkcthxn+MURhIjKGZDaPhIUBMshnxtxuTn:uKW3DDmDdhqawbDYBRhIU+shxtoTn
VirusTotal	搜索相关分析

stat[1].htm

文件名	stat[1].htm
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].htm
文件大小	2 bytes
文件类型	ASCII text, with no line terminators
MD5	444bcb3a3fcf8389296c49467f27e1d6
SHA1	7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256	2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SHA512	9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570
Ssdeep	3:V:V
Yara	without_urls (Rule to detect the no presence of any url) without_attachments (Rule to detect the no presence of any attachment) without_images (Rule to detect the no presence of any image)
VirusTotal	搜索相关分析

行为分析

互斥量(Mutexes)

Local\!IETld!Mutex
Local\c:!users!test!appdata!local!microsoft!feeds cache!
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!BrowserEmulation!SharedMemory!Mutex
Local\!IECompat!Mutex
Local\c:!users!test!appdata!roaming!microsoft!windows!iecompatcache!
Local\WininetStartupMutex
ConnHashTable<1136>_HashTable_Mutex
Groove.Mutex.WebServices.Status
Groove.Mutex.SystemServices.Lock
Groove:PathMutex:huJZ0a1oPtB4yGzDQW9lw0niEfg=
Groove:PathMutex:v1n9odwmzLTGaaFW7PZysBRMqq8=
Local\MSCTF.Asm.MutexDefault1
MSIMGSIZECacheMutex
Local\c:!users!test!appdata!roaming!microsoft!windows!ietldcache!
_!SHMSFTHISTORY!_
Local\c:!users!test!appdata!local!microsoft!windows!history!history.ie5!mshist012018052220180523!

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

iexplore.exe PID: 1136, 上一级进程 PID: 1980

iexplore.exe PID: 2260, 上一级进程 PID: 1136

访问的文件

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Users\test\Favorites
C:\
C:\Users
C:\Users\test\AppData\Local\Microsoft\Windows\Caches
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000003c.db
C:\Users\desktop.ini
C:\Users\test
C:\Users\test\Favorites\desktop.ini
C:\Users\test\Desktop\desktop.ini
\??\MountPointManager
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\desktop.ini
\??\Nsi
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe
C:\Program Files (x86)\Common Files\Adobe\Acrobat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX
C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)
C:\Program Files (x86)\Microsoft Office
C:\Program Files (x86)\Microsoft Office\Office14
C:\Program Files (x86)\Microsoft Office\Office14\*.*
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Users\test\AppData\Local\microsoft\Office\Groove\User\GFSConfig.xml
C:\Users\test\AppData\Local\microsoft\Office\Groove\User\UnreadMarks.xml
C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
C:\Program Files (x86)\Java
C:\Program Files (x86)\Java\jre1.8.0_121\bin
C:\Program Files (x86)\Java\jre1.8.0_121\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\deploy.dll
C:\Program Files (x86)\Java\jre1.8.0_121\lib\plugin.jar
C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaws.exe
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
C:\Program Files (x86)\Java\jre1.8.0_121
C:\Program Files (x86)\Java\jre1.8.0_121\bin\java.exe
C:\Program Files (x86)\Java\jre1.8.0_121\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\server\jvm.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\m515_net[1].txt
C:\Windows\WindowsShell.manifest
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\m515_net[1].htm
C:\Windows\System32\en-US\MLANG.dll.mui
C:\Windows\sysnative\C_1256.NLS
C:\Windows\sysnative\C_864.NLS
C:\Windows\sysnative\C_708.NLS
C:\Windows\sysnative\C_720.NLS
C:\Windows\sysnative\C_28596.NLS
C:\Windows\sysnative\C_10004.NLS
C:\Windows\sysnative\C_1257.NLS
C:\Windows\sysnative\C_775.NLS
C:\Windows\sysnative\C_28594.NLS
C:\Windows\sysnative\C_1250.NLS
C:\Windows\sysnative\C_852.NLS
C:\Windows\sysnative\C_28592.NLS
C:\Windows\sysnative\C_10029.NLS
C:\Windows\sysnative\C_G18030.DLL
C:\Windows\sysnative\C_20936.NLS
C:\Windows\sysnative\C_IS2022.DLL
C:\Windows\sysnative\C_10008.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\sysnative\C_20000.NLS
C:\Windows\sysnative\C_20002.NLS
C:\Windows\sysnative\C_10002.NLS
C:\Windows\sysnative\C_10082.NLS
C:\Windows\sysnative\C_1251.NLS
C:\Windows\sysnative\C_866.NLS
C:\Windows\sysnative\C_28595.NLS
C:\Windows\sysnative\C_20866.NLS
C:\Windows\sysnative\C_21866.NLS
C:\Windows\sysnative\C_10007.NLS
C:\Windows\sysnative\c_28603.nls
C:\Windows\sysnative\C_21027.NLS
C:\Windows\sysnative\C_863.NLS
C:\Windows\sysnative\C_20106.NLS
C:\Windows\sysnative\C_1253.NLS
C:\Windows\sysnative\C_737.NLS
C:\Windows\sysnative\C_28597.NLS
C:\Windows\sysnative\C_10006.NLS
C:\Windows\sysnative\C_869.NLS
C:\Windows\sysnative\C_1255.NLS
C:\Windows\sysnative\C_862.NLS
C:\Windows\sysnative\C_28598.NLS
C:\Windows\sysnative\C_10005.NLS
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[1].php
C:\Windows\sysnative\C_20003.NLS
C:\Windows\sysnative\C_20420.NLS
C:\Windows\sysnative\C_20880.NLS
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[2].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\jquery.min[1].js
C:\Windows\sysnative\C_21025.NLS
C:\Windows\sysnative\C_20277.NLS
C:\Windows\sysnative\C_1142.NLS
C:\Windows\sysnative\C_20278.NLS
C:\Windows\sysnative\C_1143.NLS
C:\Windows\sysnative\C_20297.NLS
C:\Windows\sysnative\C_1147.NLS
C:\Windows\sysnative\C_20273.NLS
C:\Windows\sysnative\C_1141.NLS
C:\Windows\sysnative\C_20423.NLS
C:\Windows\sysnative\C_875.NLS
C:\Windows\sysnative\C_20424.NLS
C:\Windows\sysnative\C_20871.NLS
C:\Windows\sysnative\C_1149.NLS
C:\Windows\sysnative\C_500.NLS
C:\Windows\sysnative\C_1148.NLS
C:\Windows\sysnative\C_20280.NLS
C:\Windows\sysnative\C_1144.NLS
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_20290.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_20833.NLS
C:\Windows\sysnative\C_870.NLS
C:\Windows\sysnative\C_20284.NLS
C:\Windows\sysnative\C_1145.NLS
C:\Windows\sysnative\C_874.NLS
C:\Windows\sysnative\C_20838.NLS
C:\Windows\sysnative\C_1254.NLS
C:\Windows\sysnative\C_20905.NLS
C:\Windows\sysnative\C_1026.NLS
C:\Windows\sysnative\C_20285.NLS
C:\Windows\sysnative\C_1146.NLS
C:\Windows\sysnative\C_037.NLS
C:\Windows\sysnative\C_1140.NLS
C:\Windows\sysnative\C_1047.NLS
C:\Windows\sysnative\C_20924.NLS
C:\Windows\sysnative\C_861.NLS
C:\Windows\sysnative\C_10079.NLS
C:\Windows\sysnative\C_ISCII.DLL
C:\Windows\sysnative\C_20269.NLS
C:\Windows\sysnative\C_20932.NLS
C:\Windows\sysnative\C_10001.NLS
C:\Windows\sysnative\C_20949.NLS
C:\Windows\sysnative\C_1361.NLS
C:\Windows\sysnative\C_10003.NLS
C:\Windows\sysnative\C_28593.NLS
C:\Windows\sysnative\C_28605.NLS
C:\Windows\sysnative\C_865.NLS
C:\Windows\sysnative\C_20108.NLS
C:\Windows\sysnative\C_855.NLS
C:\Windows\sysnative\C_437.NLS
C:\Windows\sysnative\C_858.NLS
C:\Windows\sysnative\C_860.NLS
C:\Windows\sysnative\C_10010.NLS
C:\Windows\sysnative\C_20107.NLS
C:\Windows\sysnative\C_20261.NLS
C:\Windows\sysnative\C_20001.NLS
C:\Windows\sysnative\C_20004.NLS
C:\Windows\sysnative\C_10021.NLS
C:\Windows\sysnative\C_857.NLS
C:\Windows\sysnative\C_28599.NLS
C:\Windows\sysnative\C_10081.NLS
C:\Windows\sysnative\C_10017.NLS
C:\Windows\sysnative\C_1258.NLS
C:\Windows\sysnative\C_20005.NLS
C:\Windows\sysnative\C_850.NLS
C:\Windows\sysnative\C_20105.NLS
C:\Windows\sysnative\C_28591.NLS
C:\Windows\sysnative\C_10000.NLS
C:\Users\test\AppData\Local\Microsoft
C:\Users\test\AppData\Local\Microsoft\Internet Explorer
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\logo[1].png
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P41FU429350-lp[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P510211U5L6-lp[1].jpg
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P4220230214R-lp[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P502015104127-lp[1].jpg
C:\Users\test\AppData\LocalLow
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\19400267[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\z_stat[1].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\picture_stat[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\stat[1].png
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].htm
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\core[1].php
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Microsoft\Windows
C:\Users\test\AppData\Local\Microsoft\Windows\History
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\index.dat
C:\Windows\System32\shell32.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\favicon[1].ico
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\favicon[2].ico
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].png

读取的文件

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\test\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000003c.db
C:\Users\desktop.ini
C:\Users
C:\Users\test
C:\Users\test\Favorites\desktop.ini
C:\Users\test\Desktop\desktop.ini
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\deploy.dll
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\WindowsShell.manifest
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\m515_net[1].htm
C:\Windows\System32\en-US\MLANG.dll.mui
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[2].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\jquery.min[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[1].php
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\19400267[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\z_stat[1].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\picture_stat[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\core[1].php
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Microsoft
C:\Users\test\AppData\Local\Microsoft\Windows
C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\index.dat
C:\Windows\System32\shell32.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].png

修改的文件

C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\m515_net[1].txt
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[1].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ad_js[2].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\jquery.min[1].js
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\logo[1].png
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P41FU429350-lp[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1-1P510211U5L6-lp[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P4220230214R-lp[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\1-1P502015104127-lp[1].jpg
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\19400267[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\z_stat[1].php
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\picture_stat[1].js
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\stat[1].png
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].htm
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\core[1].php
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\favicon[1].ico
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\favicon[2].ico

删除的文件

C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].png

注册表键

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SQM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Classes\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_CURRENT_USER\Software\Classes\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_Enable_Compat_Logging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoHelpMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar\SmallIcons
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Marlett
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Version
HKEY_CURRENT_USER\Software\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Blocked
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\GROOVEEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Groove
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\14.0\Groove\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Groove\InstallRoot\Path
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time
HKEY_CURRENT_USER\SOFTWARE\JavaSoft\DeploymentProperties\pending
HKEY_CURRENT_USER\SOFTWARE\JavaSoft\DeploymentProperties
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.suppression.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.timestamp.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.webjava.enabled
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\11.121.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\11.121.2\UseNewJavaPlugin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b4f3a835-0e21-4959-ba22-42b3008e02ff}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\URLREDIR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dbc80044-a445-435b-bc74-9c25c1c588a9}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\jp2ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\11.121.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\11.121.2\JavaHome
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\11.121.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Web Start\11.121.2\Home
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\TreatAs\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_CURRENT_USER\Software\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_121
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.8.0_121\JavaHome
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
HKEY_CURRENT_USER\Software\Microsoft\Security
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableInPrivateBlocking
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_CURRENT_USER\Software\Classes\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Classes\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=gb2312
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html; charset=gb2312
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html; charset=gb2312
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
HKEY_CLASSES_ROOT\.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\Floppy Access
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\about\
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\International\Scripts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableLogging
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CONVERT_A3A0INGB2312
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CONVERT_A3A0INGB2312
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Cache
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1256
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\864
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\708
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51256
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\720
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28596
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1257
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\775
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28594
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1250
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\852
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28592
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\54936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\52936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50227
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10008
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50229
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10082
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1251
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51251
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28595
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28603
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\29001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21027
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\863
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20106
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1253
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51253
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\737
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28597
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-javascript
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\869
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1255
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\862
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\38598
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28598
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20420
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20880
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21025
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20277
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1142
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20278
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1143
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20297
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1147
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20273
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1141
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20423
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\875
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20424
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20871
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1149
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\500
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1148
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20280
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1144
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50930
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50939
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50931
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20290
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50933
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20833
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\870
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50935
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20284
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1145
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\874
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20838
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50937
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1254
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20905
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1026
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20285
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1146
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\37
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1140
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1047
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20924
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\861
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10079
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57008
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57009
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57011
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20269
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50220
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50221
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50222
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50225
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1361
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28593
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28605
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\865
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20108
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\855
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\437
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\858
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\860
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20107
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20261
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10021
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\857
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28599
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10081
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10017
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1201
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1258
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\850
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20105
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28591
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\DxTrans
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DxTrans
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\DxTrans
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Default Behaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoNavButtons
HKEY_CURRENT_USER\Software\Classes\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/png
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/png\Extension
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\https\
HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\image/jpeg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/jpeg\Extension
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/javascript
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCTYPE_FOCUS_SCROLLBAR_KB838386
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCTYPE_FOCUS_SCROLLBAR_KB838386
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/javascript
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=utf-8
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.htm
HKEY_CLASSES_ROOT\.htm
HKEY_CURRENT_USER\Software\Classes\.htm\(Default)
HKEY_CLASSES_ROOT\.htm\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
HKEY_CLASSES_ROOT\htmlfile
HKEY_CLASSES_ROOT\FirefoxHTML
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\Progid
HKEY_CLASSES_ROOT\IE.AssocFile.HTM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\edit
HKEY_CLASSES_ROOT\.htm\OpenWithList
HKEY_CLASSES_ROOT\Applications\Excel.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Default HTML Editor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\Stubs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Excel.Sheet\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Excel.Sheet
HKEY_CLASSES_ROOT\Excel.Sheet
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet\CurVer\(Default)
HKEY_CLASSES_ROOT\Excel.Sheet.12
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell\Open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell\Open\NeverDefault
HKEY_CLASSES_ROOT\Applications\Microsoft Excel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\(Default)
HKEY_CLASSES_ROOT\Applications\Microsoft Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\(Default)
HKEY_CLASSES_ROOT\Applications\Microsoft Word
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Word.Document\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Word.Document
HKEY_CLASSES_ROOT\Word.Document
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document\CurVer\(Default)
HKEY_CLASSES_ROOT\Word.Document.12
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell\Open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell\Open\NeverDefault
HKEY_CLASSES_ROOT\Applications\MSPub.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\(Default)
HKEY_CLASSES_ROOT\Applications\notepad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\edit\command\(Default)
HKEY_CLASSES_ROOT\Applications\WinWord.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Winword.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell\edit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell\edit\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell\edit\command\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CheckDocumentForProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\CheckDocumentForProgID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feeds
HKEY_CURRENT_USER\Software\Microsoft\Ftp
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Services
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Activities
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Activities
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}
HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ff393560-c2a7-11cf-bff4-444553540000}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{FF393560-C2A7-11CF-BFF4-444553540000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\NameCustomizations
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\LocalizedString
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Error Dlg Displayed On Every Error
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/x-icon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/x-icon\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchProviders\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoHelpMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar\SmallIcons
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Groove\InstallRoot\Path
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.suppression.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.expiration.decision.timestamp.11.121.2
HKEY_CURRENT_USER\Software\JavaSoft\DeploymentProperties\deployment.webjava.enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\11.121.2\UseNewJavaPlugin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\11.121.2\JavaHome
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Web Start\11.121.2\Home
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\TreatAs\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.8.0_121\JavaHome
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableInPrivateBlocking
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableLogging
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecurityIdIUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1256
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\864
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\708
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51256
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\720
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28596
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1257
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\775
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28594
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1250
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\852
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28592
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\54936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\52936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50227
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10008
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50229
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10082
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1251
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51251
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28595
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21866
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28603
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\29001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21027
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\863
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20106
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1253
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51253
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\737
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28597
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\869
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1255
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\862
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\38598
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28598
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20420
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20880
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\21025
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20277
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1142
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20278
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1143
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20297
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1147
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20273
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1141
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20423
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\875
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20424
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20871
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1149
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\500
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1148
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20280
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1144
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50930
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50939
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50931
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20290
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50933
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20833
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\870
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50935
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20284
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1145
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\874
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20838
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50937
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1254
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20905
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1026
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20285
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1146
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\37
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1140
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1047
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20924
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\861
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10079
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57008
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57009
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57011
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\57005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20269
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50220
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50221
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50222
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\51949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\50225
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1361
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28593
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28605
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\865
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20108
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\855
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\437
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\858
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\860
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20107
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20261
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10021
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\857
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28599
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10081
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10017
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1201
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1258
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20005
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\850
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\20105
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\28591
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\10000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoNavButtons
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/png\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/jpeg\Extension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.htm
HKEY_CURRENT_USER\Software\Classes\.htm\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\Stubs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet\CurVer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell\Open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document\CurVer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\shell\Open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell\edit\command\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CheckDocumentForProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\CheckDocumentForProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\LocalizedString
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Error Dlg Displayed On Every Error
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/x-icon\Extension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask

修改的注册表键

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018052220180523\CacheRepair

删除的注册表键

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

API解析

advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetProcessDEPPolicy
user32.dll.SetProcessDPIAware
shell32.dll.SetCurrentProcessExplicitAppUserModelID
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ieframe.dll.#251
kernel32.dll.WerSetFlags
comctl32.dll.PropertySheetW
comctl32.dll.PropertySheetA
comdlg32.dll.PageSetupDlgW
comdlg32.dll.PrintDlgW
ieshims.dll.IEShims_Initialize
kernel32.dll.VirtualProtect
user32.dll.SetWindowsHookExW
user32.dll.FindWindowExA
kernel32.dll.WaitForSingleObject
kernel32.dll.CreateProcessW
kernel32.dll.CreateProcessA
advapi32.dll.RegQueryValueA
ntdll.dll.LdrRegisterDllNotification
ole32.dll.CoGetApartmentType
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetMalloc
cryptbase.dll.SystemFunction036
kernel32.dll.WerRegisterMemoryBlock
kernel32.dll.WerUnregisterMemoryBlock
user32.dll.RegisterWindowMessageW
rpcrt4.dll.RpcServerUseProtseqW
rpcrt4.dll.RpcServerRegisterIfEx
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
rpcrt4.dll.RpcServerInqBindings
rpcrt4.dll.RpcEpRegisterW
rpcrt4.dll.RpcServerListen
shell32.dll.SHGetInstanceExplorer
user32.dll.RegisterClassExW
user32.dll.CreateWindowExW
user32.dll.DefWindowProcW
user32.dll.SetWindowLongW
ole32.dll.CoInitializeEx
user32.dll.MsgWaitForMultipleObjectsEx
urlmon.dll.#400
shell32.dll.SHGetFolderPathW
advapi32.dll.TraceMessage
advapi32.dll.TraceMessageVa
kernel32.dll.IsWow64Process
sqmapi.dll.SqmGetSession
sqmapi.dll.SqmEndSession
sqmapi.dll.SqmStartSession
sqmapi.dll.SqmStartUpload
sqmapi.dll.SqmWaitForUploadComplete
sqmapi.dll.SqmSet
sqmapi.dll.SqmSetBool
sqmapi.dll.SqmSetBits
sqmapi.dll.SqmSetString
sqmapi.dll.SqmIncrement
sqmapi.dll.SqmSetIfMax
sqmapi.dll.SqmSetIfMin
sqmapi.dll.SqmAddToAverage
sqmapi.dll.SqmAddToStreamDWord
sqmapi.dll.SqmAddToStreamString
sqmapi.dll.SqmSetAppId
sqmapi.dll.SqmSetAppVersion
sqmapi.dll.SqmSetMachineId
sqmapi.dll.SqmSetUserId
sqmapi.dll.SqmCreateNewId
sqmapi.dll.SqmReadSharedMachineId
sqmapi.dll.SqmReadSharedUserId
sqmapi.dll.SqmWriteSharedMachineId
sqmapi.dll.SqmWriteSharedUserId
sqmapi.dll.SqmIsWindowsOptedIn
advapi32.dll.OpenThreadToken
ole32.dll.CreateBindCtx
ole32.dll.CoRegisterInitializeSpy
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
comctl32.dll.#328
comctl32.dll.#334
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
ole32.dll.CoCreateInstance
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PSPropertyBag_WriteStr
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
ole32.dll.PropVariantClear
oleaut32.dll.#9
propsys.dll.PSPropertyBag_WriteGUID
propsys.dll.PSPropertyBag_ReadGUID
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.NdrClientCall2
user32.dll.PostMessageW
user32.dll.GetWindowLongW
ole32.dll.CoUnmarshalInterface
sechost.dll.LookupAccountNameLocalW
rpcrt4.dll.RpcBindingFree
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
user32.dll.PeekMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
wininet.dll.InternetSetOptionW
ieproxy.dll.DllGetClassObject
ieproxy.dll.DllCanUnloadNow
shell32.dll.SHChangeNotifyRegisterThread
comctl32.dll.#4
ieshims.dll.IEShims_SetRedirectRegistryForThread
apphelp.dll.ApphelpCheckShellObject
urlmon.dll.CreateUri
advapi32.dll.AddMandatoryAce
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
wininet.dll.GetUrlCacheEntryInfoW
rpcrt4.dll.RpcBindingToStringBindingW
rpcrt4.dll.RpcStringBindingParseW
rpcrt4.dll.I_RpcBindingInqLocalClientPID
rpcrt4.dll.RpcServerInqCallAttributesW
rpcrt4.dll.RpcImpersonateClient
rpcrt4.dll.RpcRevertToSelf
rpcrt4.dll.NdrServerCall2
rpcrt4.dll.RpcBindingInqObject
urlmon.dll.CreateURLMonikerEx
urlmon.dll.CreateAsyncBindCtxEx
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.UrlMkGetSessionOption
rasapi32.dll.RasConnectionNotificationW
sechost.dll.OpenServiceA
sechost.dll.NotifyServiceStatusChangeA
nlaapi.dll.NSPStartup
iphlpapi.dll.GetAdapterIndex
rasadhlp.dll.WSAttemptAutodialAddr
rasadhlp.dll.WSAttemptAutodialName
rasadhlp.dll.WSNoteSuccessfulHostentLookup
mlang.dll.#121
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.#444
urlmon.dll.#445
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_LoadImageW
comctl32.dll.ImageList_Add
wininet.dll.GetUrlCacheEntryInfoExW
mlang.dll.#112
wininet.dll.GetUrlCacheEntryInfoExA
uxtheme.dll.OpenThemeData
comctl32.dll.#410
uxtheme.dll.IsAppThemed
comctl32.dll.#413
uxtheme.dll.SetWindowTheme
wininet.dll.InternetQueryOptionA
ole32.dll.CoInitialize
ole32.dll.RegisterDragDrop
uxtheme.dll.IsThemeActive
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetTextExtentExPointWPri
advapi32.dll.RegEnumValueW
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetIsFeatureEnabledForUrl
urlmon.dll.#104
kernel32.dll.InterlockedPushEntrySList
kernel32.dll.InterlockedPopEntrySList
user32.dll.MsgWaitForMultipleObjects
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegEnumKeyA
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
deploy.dll.getLatestInstalledVersion
advapi32.dll.RegEnumKeyExA
shlwapi.dll.PathFileExistsA
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueW
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
comctl32.dll.ImageList_Create
comctl32.dll.#8
comctl32.dll.ImageList_AddMasked
comctl32.dll.LoadIconWithScaleDown
comctl32.dll.ImageList_ReplaceIcon
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.CreateFormatEnumerator
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
urlmon.dll.CreateIUriBuilder
urlmon.dll.IntlPercentEncodeNormalize
user32.dll.ChangeWindowMessageFilter
dwmapi.dll.DwmSetWindowAttribute
user32.dll.IsWindow
user32.dll.SendMessageW
oleaut32.dll.#500
ole32.dll.CoRevokeInitializeSpy
imm32.dll.ImmGetContext
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
wininet.dll.GetUrlCacheEntryInfoA
urlmon.dll.CoInternetQueryInfo
wininet.dll.CommitUrlCacheEntryA
oleaut32.dll.#7
oleaut32.dll.#8
ieframe.dll.#302
urlmon.dll.RegisterFormatEnumerator
urlmon.dll.#101
kernel32.dll.GetThreadUILanguage
oleaut32.dll.VariantClear
oleaut32.dll.#4
wininet.dll.InternetUnlockRequestFile
urlmon.dll.CoInternetIsFeatureEnabled
urlmon.dll.#441
msimtf.dll.MsimtfIsWindowFiltered
oleacc.dll.LresultFromObject
user32.dll.GetGUIThreadInfo
user32.dll.GetCursorInfo
user32.dll.GetWindowInfo
user32.dll.GetTitleBarInfo
user32.dll.GetScrollBarInfo
user32.dll.GetComboBoxInfo
user32.dll.GetAncestor
user32.dll.RealChildWindowFromPoint
user32.dll.RealGetWindowClassW
user32.dll.GetAltTabInfoW
user32.dll.GetListBoxInfo
user32.dll.GetMenuBarInfo
user32.dll.SendInput
user32.dll.BlockInput
user32.dll.LogicalToPhysicalPoint
user32.dll.PhysicalToLogicalPoint
user32.dll.WindowFromPhysicalPoint
user32.dll.GetPhysicalCursorPos
kernel32.dll.GetModuleFileNameW
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
ntdll.dll.NtQueryInformationProcess
ntdll.dll.NtAllocateVirtualMemory
ntdll.dll.NtFreeVirtualMemory
oleacc.dll.ObjectFromLresult
urlmon.dll.#335
oleaut32.dll.#19
oleaut32.dll.#17
oleaut32.dll.#20
oleaut32.dll.#23
oleaut32.dll.#22
oleaut32.dll.BSTR_UserSize
oleaut32.dll.BSTR_UserMarshal
oleaut32.dll.BSTR_UserUnmarshal
oleaut32.dll.BSTR_UserFree
oleaut32.dll.VARIANT_UserSize
oleaut32.dll.VARIANT_UserMarshal
oleaut32.dll.VARIANT_UserUnmarshal
oleaut32.dll.VARIANT_UserFree
oleaut32.dll.LPSAFEARRAY_UserSize
oleaut32.dll.LPSAFEARRAY_UserMarshal
oleaut32.dll.LPSAFEARRAY_UserUnmarshal
oleaut32.dll.LPSAFEARRAY_UserFree
ole32.dll.CoGetObjectContext
imgutil.dll.DecodeImage
urlmon.dll.#330
cryptsp.dll.SystemFunction035
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
crypt32.dll.CertDuplicateStore
crypt32.dll.CertControlStore
crypt32.dll.CertCloseStore
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslFreeObject
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertDuplicateCertificateContext
wintrust.dll.HTTPSCertificateTrust
wintrust.dll.HTTPSFinalProv
wintrust.dll.SoftpubInitialize
wintrust.dll.SoftpubLoadMessage
wintrust.dll.SoftpubLoadSignature
wintrust.dll.SoftpubCheckCert
wintrust.dll.SoftpubCleanup
cryptsp.dll.CryptAcquireContextA
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpReadData
winhttp.dll.WinHttpCloseHandle
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertGetCertificateContextProperty
cryptsp.dll.CryptReleaseContext
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertFreeCertificateContext
ncrypt.dll.SslLookupCipherLengths
ncrypt.dll.SslEncryptPacket
ncrypt.dll.SslDecryptPacket
ncrypt.dll.SslDecrementProviderReferenceCount
propsys.dll.#430
advapi32.dll.RegGetValueW
propsys.dll.InitPropVariantFromStringAsVector
propsys.dll.PSCoerceToCanonicalValue
propsys.dll.PropVariantToStringAlloc
wininet.dll.FindFirstUrlCacheContainerA
wininet.dll.FindNextUrlCacheContainerA
wininet.dll.FindCloseUrlCache
wininet.dll.CreateUrlCacheContainerA
wininet.dll.CommitUrlCacheEntryW
wininet.dll.InternetGetConnectedState
urlmon.dll.#395
urlmon.dll.URLDownloadToCacheFileW
urlmon.dll.#414
dwmapi.dll.DwmInvalidateIconicBitmaps
wininet.dll.DeleteUrlCacheEntryW
imm32.dll.ImmGetCompositionWindow
imm32.dll.ImmGetCandidateWindow
ws2_32.dll.#116
ws2_32.dll.#3

魔盾安全分析报告

2.45

可疑的

URL信息

特征

运行截图

网络分析

访问主机记录

域名解析

TCP连接

UDP连接

HTTP请求

ICMP请求

投放文件

index.dat

picture_stat[1].js

ad_js[1].php

stat[1].png

1-1P4220230214R-lp[1].jpg

index.dat

MSIMGSIZ.DAT

RecoveryStore.{DAC4C063-5CCB-11E8-AF8E-525400B07C72}.dat

index.dat

19400267[1].js

index.dat

1-1P41FU429350-lp[1].jpg

BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245

ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3

1-1P502015104127-lp[1].jpg

A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31

ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

jquery.min[1].js

{DAC4C064-5CCB-11E8-AF8E-525400B07C72}.dat

A053CFB63FC8E6507871752236B5CCD5_2033A640C71BC0AB949022F9AF176D31

ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

BD5208ADDEC1165FD57AF2BF2F455EAA_122109DC1B817B623370C1AE58AD2245

ACF244F1A10D4DBED0D88EBA0C43A9B5_3FB9EBFC1D18D5E09631A5E5A62F6EF3

favicon[1].png

z_stat[1].php

core[1].php

logo[1].png

1-1P510211U5L6-lp[1].jpg

stat[1].htm

行为分析

进程

iexplore.exe PID: 1136, 上一级进程 PID: 1980

iexplore.exe PID: 2260, 上一级进程 PID: 1136