魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2018-07-20 18:11:07 | 2018-07-20 18:13:39 | 152 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-1 | win7-sp1-x64-shaapp01-1 | KVM | 2018-07-20 18:11:08 | 2018-07-20 18:13:27 |
| 魔盾分数 |
|---|
10.0Zpevdo |
文件详细信息
| 文件名 | ntp2.exe |
|---|---|
| 文件大小 | 888307 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| CRC32 | 80DAF209 |
| MD5 | 61ccff02f9d36276df27fb9efac4d83b |
| SHA1 | 219c02166b70d6208244b74f3926793309756f86 |
| SHA256 | 94667e6af65a184492db52d3ffd3757516e746f515300b0c6bda1e9f8befc62c |
| SHA512 | 0d14952f60f7dc4faec4f18c97aa2d32d7b5c4a73cde0456a1d154314527cf3926304bfc548bd72e74d368e31fcf5daa5c9444650818410201486bf208e21574 |
| Ssdeep | 24576:EVtsAodAUUN6kidPBLnV9GUt4Gzv7b1w1fQssX9uD1TDKiw:SsAo3UNUdZLnV4jGzK1fGkD1lw |
| PEiD | 无匹配 |
| Yara | 无Yara规则匹配 |
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2018-07-20 06:51:06 扫描结果: 22/67 |
特征
创建RWX内存
可能进行了时间有效期检查,检查本地时间后过早退出
从文件自身的二进制镜像中读取数据
self_read: process: ntp2.exe, pid: 1808, offset: 0x00000000, length: 0x00009200
self_read: process: ntp2.exe, pid: 1808, offset: 0x0000901c, length: 0x000cfdd7
创建一个隐藏文件或系统文件
file: C:\Users\test\AppData\Roaming\Adobe
投放出一个二进制文件并执行它
binary: C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
binary: C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
binary: C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe
binary: C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe
投放了一个或多个可疑文件
suspicious: c:\users\test\appdata\roaming\adobesystem.log
suspicious: c:\users\test\appdata\roaming\adobesystem.log
通过进程尝试长时间延迟分析任务
Process: sudoku.exe tried to sleep 607 seconds, actually delayed analysis time by 0 seconds
Process: ntp2.exe tried to sleep 283 seconds, actually delayed analysis time by 0 seconds
将自己装载到Windows开机自动启动项目
file: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sudoku.lnk
检查注册表中的磁盘驱动器,可能被用来实现反虚拟机
文件已被至少十个VirusTotal上的反病毒引擎检测为病毒
McAfee: RDN/Generic PWS.y
Symantec: Trojan Horse
ESET-NOD32: a variant of Generik.BGKPXPZ
TrendMicro-HouseCall: TROJ_GEN.R002H07GJ18
GData: Win32.Trojan.Agent.G2DC1Y
Kaspersky: HEUR:Trojan-Spy.Win32.Agent.gen
ViRobot: Trojan.Win32.Z.Agent.888307
Avast: Win32:Malware-gen
Comodo: .UnclassifiedMalware
DrWeb: Trojan.MulDrop8.31121
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Dropper.cc
Sophos: Mal/Generic-S
Cyren: W32/Trojan.UVWO-0971
MAX: malware (ai score=95)
Microsoft: Trojan:Win32/Zpevdo.A
AegisLab: Troj.Spy.W32.Agent!c
ZoneAlarm: HEUR:Trojan-Spy.Win32.Agent.gen
Malwarebytes: Backdoor.Bot
AVG: Win32:Malware-gen
CrowdStrike: malicious_confidence_90% (W)
Qihoo-360: Win32/Trojan.Spy.94c
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 80.82.67.194 | Netherlands |
域名解析
| 域名 | 响应 |
|---|---|
| api-rambler.com | A 80.82.67.194 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 80.82.67.194 | 443 |
| 80.82.67.194 | 443 |
| 80.82.67.194 | 443 |
| 80.82.67.194 | 443 |
| 80.82.67.194 | 443 |
| 80.82.67.194 | 443 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00403217 |
| 声明校验值 | 0x000ddd0f |
| 实际校验值 | 0x000ddd0f |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2014-05-12 04:03:36 |
| 载入哈希 | 59a4a44a250c4cf4f2d9de2b3fe5d95f |
| 图标 |  |
| 图标精确哈希值 | 5642c277638a98c845acc88573571251 |
| 图标相似性哈希值 | 3eb36951cff76a1942a440bf5088cce4 |
版本信息
| LegalCopyright: | (c) Florian Balmer 2004-2011 |
| FileVersion: | 4.2.25.0 |
| CompanyName: | Florian Balmer Inc. |
| ProductName: | sudoku |
| ProductVersion: | 4.2.25.0 |
| FileDescription: | sudoku |
| Translation: | 0x0409 0x04e4 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00005be2 | 0x00005c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.48 |
| .rdata | 0x00007000 | 0x000011ce | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.24 |
| .data | 0x00009000 | 0x0001a7d8 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.93 |
| .ndata | 0x00024000 | 0x00009000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x0002d000 | 0x00001881 | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.77 |
覆盖
| 偏移量: | 0x00009000 |
| 大小: | 0x000cfdf3 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x0002d370 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.28 | GLS_BINARY_LSB_FIRST |
| RT_MENU | 0x0002d85c | 0x000002ae | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.44 | data |
| RT_MENU | 0x0002d85c | 0x000002ae | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.44 | data |
| RT_DIALOG | 0x0002dd28 | 0x00000060 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.49 | data |
| RT_DIALOG | 0x0002dd28 | 0x00000060 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.49 | data |
| RT_DIALOG | 0x0002dd28 | 0x00000060 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.49 | data |
| RT_STRING | 0x0002deec | 0x000000cc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | data |
| RT_STRING | 0x0002deec | 0x000000cc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | data |
| RT_ACCELERATOR | 0x0002dfb8 | 0x00000050 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | data |
| RT_GROUP_ICON | 0x0002e008 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.92 | MS Windows icon resource - 1 icon, 16x32 |
| RT_VERSION | 0x0002e01c | 0x00000258 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | data |
| RT_MANIFEST | 0x0002e57c | 0x00000305 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.27 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
| RT_MANIFEST | 0x0002e57c | 0x00000305 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.27 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库 KERNEL32.dll:
• 0x407060 - GetTickCount
• 0x407064 - GetFullPathNameA
• 0x407068 - MoveFileA
• 0x40706c - SetCurrentDirectoryA
• 0x407070 - GetFileAttributesA
• 0x407074 - GetLastError
• 0x407078 - CreateDirectoryA
• 0x40707c - SetFileAttributesA
• 0x407080 - SearchPathA
• 0x407084 - GetShortPathNameA
• 0x407088 - CreateFileA
• 0x40708c - GetFileSize
• 0x407090 - GetModuleFileNameA
• 0x407094 - ReadFile
• 0x407098 - GetCurrentProcess
• 0x40709c - CopyFileA
• 0x4070a0 - ExitProcess
• 0x4070a4 - SetEnvironmentVariableA
• 0x4070a8 - Sleep
• 0x4070ac - CloseHandle
• 0x4070b0 - GetCommandLineA
• 0x4070b4 - SetErrorMode
• 0x4070b8 - LoadLibraryA
• 0x4070bc - lstrlenA
• 0x4070c0 - lstrcpynA
• 0x4070c4 - GetDiskFreeSpaceA
• 0x4070c8 - GlobalUnlock
• 0x4070cc - GlobalLock
• 0x4070d0 - CreateThread
• 0x4070d4 - CreateProcessA
• 0x4070d8 - RemoveDirectoryA
• 0x4070dc - GetTempFileNameA
• 0x4070e0 - lstrcpyA
• 0x4070e4 - lstrcatA
• 0x4070e8 - GetSystemDirectoryA
• 0x4070ec - GetVersion
• 0x4070f0 - GetProcAddress
• 0x4070f4 - GlobalAlloc
• 0x4070f8 - CompareFileTime
• 0x4070fc - SetFileTime
• 0x407100 - ExpandEnvironmentStringsA
• 0x407104 - lstrcmpiA
• 0x407108 - lstrcmpA
• 0x40710c - WaitForSingleObject
• 0x407110 - GlobalFree
• 0x407114 - GetExitCodeProcess
• 0x407118 - GetModuleHandleA
• 0x40711c - GetTempPathA
• 0x407120 - GetWindowsDirectoryA
• 0x407124 - LoadLibraryExA
• 0x407128 - FindFirstFileA
• 0x40712c - FindNextFileA
• 0x407130 - DeleteFileA
• 0x407134 - SetFilePointer
• 0x407138 - WriteFile
• 0x40713c - FindClose
• 0x407140 - WritePrivateProfileStringA
• 0x407144 - MultiByteToWideChar
• 0x407148 - MulDiv
• 0x40714c - GetPrivateProfileStringA
• 0x407150 - FreeLibrary
库 USER32.dll:
• 0x407174 - CreateWindowExA
• 0x407178 - EndDialog
• 0x40717c - ScreenToClient
• 0x407180 - GetWindowRect
• 0x407184 - EnableMenuItem
• 0x407188 - GetSystemMenu
• 0x40718c - SetClassLongA
• 0x407190 - IsWindowEnabled
• 0x407194 - SetWindowPos
• 0x407198 - GetSysColor
• 0x40719c - GetWindowLongA
• 0x4071a0 - SetCursor
• 0x4071a4 - LoadCursorA
• 0x4071a8 - CheckDlgButton
• 0x4071ac - GetMessagePos
• 0x4071b0 - LoadBitmapA
• 0x4071b4 - CallWindowProcA
• 0x4071b8 - IsWindowVisible
• 0x4071bc - CloseClipboard
• 0x4071c0 - GetDC
• 0x4071c4 - SystemParametersInfoA
• 0x4071c8 - RegisterClassA
• 0x4071cc - TrackPopupMenu
• 0x4071d0 - AppendMenuA
• 0x4071d4 - CreatePopupMenu
• 0x4071d8 - GetSystemMetrics
• 0x4071dc - SetDlgItemTextA
• 0x4071e0 - GetDlgItemTextA
• 0x4071e4 - MessageBoxIndirectA
• 0x4071e8 - CharPrevA
• 0x4071ec - DispatchMessageA
• 0x4071f0 - PeekMessageA
• 0x4071f4 - ReleaseDC
• 0x4071f8 - EnableWindow
• 0x4071fc - InvalidateRect
• 0x407200 - SendMessageA
• 0x407204 - DefWindowProcA
• 0x407208 - BeginPaint
• 0x40720c - GetClientRect
• 0x407210 - FillRect
• 0x407214 - DrawTextA
• 0x407218 - GetClassInfoA
• 0x40721c - DialogBoxParamA
• 0x407220 - CharNextA
• 0x407224 - ExitWindowsEx
• 0x407228 - DestroyWindow
• 0x40722c - CreateDialogParamA
• 0x407230 - SetTimer
• 0x407234 - GetDlgItem
• 0x407238 - wsprintfA
• 0x40723c - SetForegroundWindow
• 0x407240 - ShowWindow
• 0x407244 - IsWindow
• 0x407248 - LoadImageA
• 0x40724c - SetWindowLongA
• 0x407250 - SetClipboardData
• 0x407254 - EmptyClipboard
• 0x407258 - OpenClipboard
• 0x40725c - EndPaint
• 0x407260 - PostQuitMessage
• 0x407264 - FindWindowExA
• 0x407268 - SendMessageTimeoutA
• 0x40726c - SetWindowTextA
库 GDI32.dll:
• 0x40703c - SelectObject
• 0x407040 - SetBkMode
• 0x407044 - CreateFontIndirectA
• 0x407048 - SetTextColor
• 0x40704c - DeleteObject
• 0x407050 - GetDeviceCaps
• 0x407054 - CreateBrushIndirect
• 0x407058 - SetBkColor
库 SHELL32.dll:
• 0x407158 - SHGetSpecialFolderLocation
• 0x40715c - SHGetPathFromIDListA
• 0x407160 - SHBrowseForFolderA
• 0x407164 - SHGetFileInfoA
• 0x407168 - ShellExecuteA
• 0x40716c - SHFileOperationA
库 ADVAPI32.dll:
• 0x407000 - RegCloseKey
• 0x407004 - RegOpenKeyExA
• 0x407008 - RegDeleteKeyA
• 0x40700c - RegDeleteValueA
• 0x407010 - RegEnumValueA
• 0x407014 - RegCreateKeyExA
• 0x407018 - RegSetValueExA
• 0x40701c - RegQueryValueExA
• 0x407020 - RegEnumKeyA
库 COMCTL32.dll:
• 0x407028 - ImageList_Create
• 0x40702c - ImageList_AddMasked
• 0x407030 - ImageList_Destroy
• 0x407034 - None
库 ole32.dll:
• 0x407284 - CoCreateInstance
• 0x407288 - CoTaskMemFree
• 0x40728c - OleInitialize
• 0x407290 - OleUninitialize
库 VERSION.dll:
• 0x407274 - GetFileVersionInfoSizeA
• 0x407278 - GetFileVersionInfoA
• 0x40727c - VerQueryValueA
投放文件
dev31B0.exe
| 文件名 | dev31B0.exe |
|---|---|
| 相关文件 |
|
| 文件大小 | 88896 bytes |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2ec80e561f96a56cf31b1695bf9af3e1 |
| SHA1 | 6682401cf005f640c4fd89285e6c945ef5c4b964 |
| SHA256 | ecc57821d762e3259f52e15187c770847ef3be2839b87f8db0cea647c1db4c76 |
| SHA512 | 483edd632e36a49edaa053c82c83bbfc3bf36ab94e0072d32d1f6a5370ef25193803ad0a2004e7692659da41d614444674bd426bb2d3f348030a982b5ea4b3f8 |
| Ssdeep | 1536:oWGMsx0E7UFsgkn/PxZOE9frdK06+a1HkjPQJpasWvcd2OTqQIGjuIxps:K7Gk/5wQfrdo+2kjPwpx2WqQIGjX |
| VirusTotal | 搜索相关分析 |
nsExec.dll
| 文件名 | nsExec.dll |
|---|---|
| 相关文件 |
|
| 文件大小 | 6656 bytes |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 14f5984b926208de2aafb55dd9971d4a |
| SHA1 | e5afe0b80568135d3e259c73f93947d758a7b980 |
| SHA256 | 030bcfa82e3bb424835a5fa53a3ff17ab08557d3bbeea4815313036fc4bdafe1 |
| SHA512 | e9ec97dd57ead871789d49ed38d9fde5f31d3cb2547810cae49a736e06b9f9b28cf8efea825eb83c3e07d880ee798abfb9069c6957416d5973c83e4531814e27 |
| Ssdeep | 96:k7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNJ38:Wygp3FcHi0xhYMR8dMqJVgN |
| VirusTotal | 搜索相关分析 |
sudoku.prefs
| 文件名 | sudoku.prefs |
|---|---|
| 相关文件 |
|
| 文件大小 | 10157 bytes |
| 文件类型 | ASCII text |
| MD5 | 9ee26510bacff966b3d702b95367ae9f |
| SHA1 | f81bd22ad26396bd9b379add908224c9454f7b4f |
| SHA256 | 86b5b1dbfb699460bba242e59941a15e13395bf8576cdb462e5337a8a2e919d7 |
| SHA512 | a713277da92bc9252bfcd67f5a89d266c57439a0a3e34f15c7d16c2c5954e0fa726f81727e433a970b526a88592f845d4f0b2e3271a7a5ba4d2f28700541a9d8 |
| Ssdeep | 192:SiQhXWG8/1ByehmuYhwfaiITxcRi3Kapy1Nf7:S5989sImHhwfaiMxcRi3Kapy1Nf7 |
| VirusTotal | 搜索相关分析 |
726914A4.dll
| 文件名 | 726914A4.dll |
|---|---|
| 相关文件 |
|
| 文件大小 | 89600 bytes |
| 文件类型 | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | 1df9d1021c675c1b1f3b121a1fe79e20 |
| SHA1 | f70f3409d2149a118a041882aa3d6170aec3e510 |
| SHA256 | 10822279f1b6245265169b19dbba6549ce3e2c4ac6f58bfc869fcae563cce0c4 |
| SHA512 | 59780a3849d4aa7917cf7f7f3ba6ccaa8494d1b02b3c9121262b40ba0dfe654b862527916565d8c11694a83229748bff457d21c82be7329f51f5065d981a4a7d |
| Ssdeep | 1536:9SngN/U9vLqYBXWd3Fz7czK0wXxF0G1WiTgTYs25I7tHLsWNcdFrur312Gq:mik9BXWd3Fd0wOYLs6Fir312V |
| VirusTotal | 搜索相关分析 |
sudoku.lnk
| 文件名 | sudoku.lnk |
|---|---|
| 相关文件 |
|
| 文件大小 | 1158 bytes |
| 文件类型 | MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 15:54:17 1600, mtime=Sun Dec 31 15:54:17 1600, atime=Sun Dec 31 15:54:17 1600, length=0, window=hide |
| MD5 | 5e7720c18e8b1fb76411fcaa07f1fc72 |
| SHA1 | c2968d285efeb405f9305a6d1d76d718b8fda819 |
| SHA256 | d84f0c9ae7d8fae9ab724d74b90ff7da3ba2068f1db48c01787c8d3feccaec42 |
| SHA512 | 21166f26ad74edc25a084bc00566ac451480f257f33f5ffc0061df6393fff332236434db381f62eb57dbcebb3940fa4188f0af196687b6f542e5becb21439bbf |
| Ssdeep | 12:8TGY9/tpf7GovHSLcrO2VSEC4mc++mtml1MJ8+M4gbNfBZH4t2YZqI0GX:8Npz9MsOLR4Y+ckql8JDdq |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 179 bytes |
| 文件类型 | data |
| MD5 | 880ac583175fe607b6295abd5ffc9776 |
| SHA1 | 7377381457901457d1c6f6234bfdcc265a1e3971 |
| SHA256 | f10ddb66531e0168d0c20fc67134658b0861f6b6bc507f204b989766ec4091ea |
| SHA512 | b2e0663734f682723a6c20cf5a18cc635a64eed4641f57b0e07bc917d52c6d5103e87df5b655f6365b5a196e700939d50e945f5163076771b7c94440f6f75f8f |
| Ssdeep | 3:2LZ1tBahU6dxA3B5Wk83c3VMPQICZZjnSnmgqIGQlM1KohfAqyDDp/y02DLB+:8HapdxMC3c366ZjnSnmQGc0Koh4tnp/D |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 179 bytes |
| 文件类型 | data |
| MD5 | f54cd5f81f2ac330ea6e3153ac7ad3bd |
| SHA1 | 0f3f94780aafd1b66b3442bc34ec4ec7762dacde |
| SHA256 | 2c9d978a0bdd2c24de17c6739629ab83081a4ca4594490f4f1446869c916c6b3 |
| SHA512 | e5b31ed8dd9642e5398f7f37bbcfd1b45a4cb96c0096f469d570c159d218643037be1adf04d0901f790b962642819cba040d697d0dc7322e00f3caae346b8b03 |
| Ssdeep | 3:LWsJ/R7bDheZrLmLh+4sh8qHlCD44wxSSfq528YZFJ3Epo1bzM+LyNQTfX9OTyI:PX7bDqWL84zqFCPsQ2hZDEpo1XM++QTW |
| VirusTotal | 搜索相关分析 |
sudoku.exe
| 文件名 | sudoku.exe |
|---|---|
| 相关文件 |
|
| 文件大小 | 185856 bytes |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 1cfcbf83d8fc09b05040150e960971fe |
| SHA1 | 716e5b57139f8a1d89c087eb181a7430ae3a4879 |
| SHA256 | ad321dd6c21e8b764aab5396658f173b8bd3a8de206fb110b03204f07084f35a |
| SHA512 | 00c3ecb6f71c96c76569dcb3f71451fd4d9b8e01447834ee64c22135cba7b7c560a36198823b98a31b0d9ca4d0914246c093bb44f0d8e6a88c669f690f049944 |
| Ssdeep | 3072:pNafGO3JVrs7hoeUBisfnrTn37KFHrFIPQ4rGLVBJJAKInue9n:7agWeKDT7KFLFIYIGLsKzK |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 179 bytes |
| 文件类型 | data |
| MD5 | 284d134cfeae271e1b065a15a322067b |
| SHA1 | 584e7815f7a11ef4de9f5bb14b33e6d64b1eaeb8 |
| SHA256 | 43d53071391b1886bca2c6da1a29cecd177c6b59788c76ab3e58360f708b1a8e |
| SHA512 | 2a3dfcf7bc0c73d19ffc1fef4e6fa261f1076129b1151b051134211f9448f345861d160abea4ea69510da75e667549b3d6741ff7b9cf5a053dcac831c2865d03 |
| Ssdeep | 3:RkO1h0Rxp1Cmw1zEUY3hmsjgdFaeLS6EQgAvuEsnHvT2Cbz3ZKqWb6ktwsQEcHSF:1wCmE9Y3PjgCeOQgKuFvT2Cbz3ZK1tZz |
| VirusTotal | 搜索相关分析 |
common.dat
| 文件名 | common.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 133136 bytes |
| 文件类型 | data |
| MD5 | 83ffe677465a10c9d70c29720113e145 |
| SHA1 | 3f903ad170f51e28a172618d640c23429ea304aa |
| SHA256 | e62178c17c9fb09ef9088d271854b74bc19666bdc783f14191322a198d1612ab |
| SHA512 | d0efb896cd5462e559f0205ba5efc4c786ba21228fd03c36c819efa8371e0d3463777b0aa92d78a29df7bacb4a456599aa0491733e41dc8451b9c8ee0cf34972 |
| Ssdeep | 3072:prpvVmlnnkJIk3UwLm16u2BptNcbGnh6UfRBjphzpF:fvVmlkJ73U56Bpq8RBjHdF |
| VirusTotal | 搜索相关分析 |
4563268.cmd
| 文件名 | 4563268.cmd |
|---|---|
| 相关文件 |
|
| 文件大小 | 61 bytes |
| 文件类型 | ASCII text |
| MD5 | 256058088776c46eaa14621523240ddf |
| SHA1 | 25b48042f797f45018c486144edfe375d0415830 |
| SHA256 | b87babd5234c608b9c4634ea70151dd61201013611c79a6d8302c8fd1070cc71 |
| SHA512 | 403e116c041774e705dccdf5cc84a8b607bbbe103bfa92ee2cf0f25cde8a424062bd25395a0d583ab1fd6789271fd0273166ca0daaf8d828b57426665e55a1c7 |
| Ssdeep | 3:GfLqF7ckspNPfeXbn:GfLqFhsWn |
| VirusTotal | 搜索相关分析 |
nsProcess.dll
| 文件名 | nsProcess.dll |
|---|---|
| 相关文件 |
|
| 文件大小 | 4608 bytes |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
| Ssdeep | 48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 179 bytes |
| 文件类型 | data |
| MD5 | 768430d6f3d5841f52217289250db9f3 |
| SHA1 | 922df4cf0aaae6f5134c9b763cc1bb027f8f68ed |
| SHA256 | 9c031ea46bc0100553e776fec19f6522f3a7090c816efc3bb791f1ec1e34a899 |
| SHA512 | 7bd98bbc27252f6ce5f19b05d1d18c064fa982cb30d913241d24df1e6cc824234a22832f22dd2361183050975ccb2ed612450f848c65ce67b71c96d26d78163f |
| Ssdeep | 3:yvwh8I8Ki0a7IQaBMWAyDGvNM2szdhAEFoMCXX5MXXt85WBw2KUeFcfYf:pK0a7IQXWAy92uhjHCH5MXXQWBw9a8 |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 1251 bytes |
| 文件类型 | data |
| MD5 | 0ff881e5321172197d87d344f70e5d71 |
| SHA1 | fc5a4c8471652811976b29a09b064559a594703c |
| SHA256 | 91ae2b7db2c1b7069023a9450924db3b6a11619e19c1688bb3752a53fe66196b |
| SHA512 | 79c388cfaafbd50b5ff53416503f678d358913df4f307de7874ef16c719fc4ca61922f35425cdc5402e93df04aee6859cd075c5848687e6c0a9f1a5625c744e3 |
| Ssdeep | 24:anLlscXhNGHMBjAszOVLqGWQvDUojc09Z4gHI6+XBn4XvWCSrkqlREwU9u:aKcXiaVOhqGWQvoog0jVHA4/2rnDxt |
| VirusTotal | 搜索相关分析 |
dev4790.exe
| 文件名 | dev4790.exe |
|---|---|
| 相关文件 |
|
| 文件大小 | 87872 bytes |
| 文件类型 | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 5822c0018beadd0509e238bc9e42b4e4 |
| SHA1 | 7c5651046fb458300ddabe0c133719102409426c |
| SHA256 | f8910ba2cfe8d8e55aa6be15a494280513fdf508d339f386a6d89f781308482a |
| SHA512 | 4d819eef44a790dd15bb210cb9f35aa4925cb02667509d65e1b80775dc1ac3020ef0875fb1a479653a6dbd4c7807e2ec26823d00cc91831ac2c07d0d709a3e17 |
| Ssdeep | 1536:nUgVpFmYBzeJGB85UsreEPCs0EuMCJNq35e00RhYJX5sWt6cdQk2S8OwKx0MP8sv:nHpzUGBKjKEr0tHJNGeBoXBbQk2S8OwM |
| VirusTotal | 搜索相关分析 |
ntuser.dat
| 文件名 | ntuser.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 179 bytes |
| 文件类型 | data |
| MD5 | 4fee34ed9106ed5ba87248b0d9cc2580 |
| SHA1 | 94e394a60ea4d932bc43845ab9ec60ff030f0464 |
| SHA256 | 7e622705d703b9fe8607e9e4a5d7be5af22bd93445f7a19ea078f92d4226f30a |
| SHA512 | b906d9ea7e0919345a43aafba96e1f75519a7628ba511188ef51fc0daf11521f6786e38f08740adc0411ab66114c91b19156323393f35d32ba90e9fd1aa4014a |
| Ssdeep | 3:eeptjHMqoFDqX8cKcWEKGhrA8Xn36UVORHmbWaUOuedYYHw4u5Yeov+Y0kwDen:e2tjS1Lc3WEKGhrTXn36UgiPSYHxu5Yn |
| VirusTotal | 搜索相关分析 |
226ECBD4.dat
| 文件名 | 226ECBD4.dat |
|---|---|
| 相关文件 |
|
| 文件大小 | 133128 bytes |
| 文件类型 | data |
| MD5 | e4f80f3e5d74e562be9c17816a906404 |
| SHA1 | 40c15099dee01bc75cddeae08571f9e6a6cd4090 |
| SHA256 | 37dca613ce767c2472228737a0adb334b8322b243561c911ffa7be8ff36cae04 |
| SHA512 | 4840c4ff77344d00818e7307555ec71d8f78d9a8c49cb35c8c995c655855b5c3b0e2a9dd31a36c2c6f6f215a8b6a888fda380fffb67864600451803a0a3ba6fa |
| Ssdeep | 3072:7ACPz3RdfIFcqCy45U6c3Su0Sf0199sSjQSIc9Z:XzBdfRq4RM0Sf0XrQS19Z |
| VirusTotal | 搜索相关分析 |
system.exe
| 文件名 | system.exe |
|---|---|
| 相关文件 |
|
| 文件大小 | 476672 bytes |
| 文件类型 | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 885e9eb42889ca547f4e3515dcde5d3d |
| SHA1 | d4206fc233e3a708b54439e1c2bc12b48a755ed1 |
| SHA256 | b3a70d388488c34dd5c767692eccc9effed36b8e7c1ee03ace1bd27123a2e6d6 |
| SHA512 | 3e5ddfc47b9f28115385ef4d311d8c929be7daa6d9c22e1c57449488cd434f69695726bd6008d88fd0d570f38105c4b97b311fbd26d5ad79e1539e8d220a385b |
| Ssdeep | 12288:WfX18uyXxIAs5mi7hTgKc7A8+CFBDGyBoZ2lnek:WfX18uGxIQi79kcJCFBDGyD5ek |
| VirusTotal | 搜索相关分析 |
System.dll
| 文件名 | System.dll |
|---|---|
| 相关文件 |
|
| 文件大小 | 11264 bytes |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | a436db0c473a087eb61ff5c53c34ba27 |
| SHA1 | 65ea67e424e75f5065132b539c8b2eda88aa0506 |
| SHA256 | 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49 |
| SHA512 | 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d |
| Ssdeep | 192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e |
| VirusTotal | 搜索相关分析 |
adobesystem.log
| 文件名 | adobesystem.log |
|---|---|
| 相关文件 |
|
| 文件大小 | 0 bytes |
| 文件类型 | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| Ssdeep | 3:: |
| VirusTotal | 搜索相关分析 |
source.zip
| 文件名 | source.zip |
|---|---|
| 相关文件 |
|
| 文件大小 | 183089 bytes |
| 文件类型 | 7-zip archive data, version 0.2 |
| MD5 | b1a62d8ba61f63b279f6369174f91b4e |
| SHA1 | 1773f577e87653b02f24cac38dfc0d55b91cf9c5 |
| SHA256 | 0ad955014507eae9575fa7c6de763208920aeb0f66767726e3ed481a509a220a |
| SHA512 | 67c03944e471b0228305e1f0ac812a50227c57420afcf32223c2efae80417a8046cc4168d8fca48c30cc4aa1e1f38e81ad14ccccf8edc320c1b9a34c81e43835 |
| Ssdeep | 3072:vG6fMeY3qXio97+HcnNW9URMyLRpR61px0/lZ9E0CPxOKk1QMQei:jOSDM9URMyLRL6qO7PxODQbn |
| VirusTotal | 搜索相关分析 |
ExecCmd.dll
| 文件名 | ExecCmd.dll |
|---|---|
| 相关文件 |
|
| 文件大小 | 4608 bytes |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | b9380b0bea8854fd9f93cc1fda0dfeac |
| SHA1 | edb8d58074e098f7b5f0d158abedc7fc53638618 |
| SHA256 | 1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244 |
| SHA512 | 45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c |
| Ssdeep | 48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/ |
| VirusTotal | 搜索相关分析 |
tools.zip
| 文件名 | tools.zip |
|---|---|
| 相关文件 |
|
| 文件大小 | 447359 bytes |
| 文件类型 | 7-zip archive data, version 0.2 |
| MD5 | d37c4e3b0dbb005606b86e5c2bb92f80 |
| SHA1 | 2f9e7f9ca2cf3a1707a6249e0aa5683c046826c1 |
| SHA256 | 190804757d5487f287af051e4a74975a10a4d7fbc5a9c27d02122c37321edf05 |
| SHA512 | 45e3e80b34fd983b30d7ef46191937c8b31e67e43aafed35c8679bec31a299da24b1d12d9e8922f6b13632da9883ee78cdf5ed1138d1abf997f69a8caf71f8f0 |
| Ssdeep | 6144:64OPc9li9xCpJZcEKd5VFXr+U7Hbll1+kYGmaHgn71GVSgu+GVQIIxsogvcmD/qf:LicNvcbXFX5rrYfnZGUfQa0M2T |
| VirusTotal | 搜索相关分析 |
行为分析
互斥量(Mutexes)
- CicLoadWinStaWinSta0
- Local\MSCTF.CtfMonitorInstMutextmxlqszohmz1
- Local\MSCTF.Asm.Mutextmxlqszohmz1
- vUQPRBAvrvTSm0fcdrMjW0cadmmWK0t
- Local\MSCTF.CtfMonitorInstMutexlevsyxifiwxouh1
- Local\MSCTF.Asm.Mutexlevsyxifiwxouh1
- Local\MSCTF.Asm.MutexDefault1
执行的命令
- system.exe x -p346iKce0XL source.zip -aoa -oC:\Users\test\AppData\Roaming\Microsoft\Games\sudoku
- C:\Windows\system32\cmd.exe /C "system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa"
- C:\Windows\system32\cmd.exe /C "system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa"
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe 226ECBD4.dat common.dat
- C:\Windows\system32\cmd.exe /C "system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa"
- C:\Windows\system32\cmd.exe /C "system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa"
- C:\Windows\system32\cmd.exe /C "system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa"
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe sudoku.exe 726914A4.dll
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
- system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- sudoku.exe
- ctfmon.exe
创建的服务
无信息
启动的服务
无信息
进程
ntp2.exe PID: 1808, 上一级进程 PID: 1872
system.exe PID: 812, 上一级进程 PID: 1808
cmd.exe PID: 2068, 上一级进程 PID: 1808
system.exe PID: 2140, 上一级进程 PID: 2068
cmd.exe PID: 2244, 上一级进程 PID: 1808
system.exe PID: 2316, 上一级进程 PID: 2244
dev4790.exe PID: 2412, 上一级进程 PID: 1808
cmd.exe PID: 2496, 上一级进程 PID: 1808
system.exe PID: 2568, 上一级进程 PID: 2496
cmd.exe PID: 2712, 上一级进程 PID: 1808
system.exe PID: 2784, 上一级进程 PID: 2712
cmd.exe PID: 2924, 上一级进程 PID: 1808
system.exe PID: 2996, 上一级进程 PID: 2924
dev31B0.exe PID: 1368, 上一级进程 PID: 1808
sudoku.exe PID: 1164, 上一级进程 PID: 1368
ctfmon.exe PID: 2172, 上一级进程 PID: 1164
sudoku.exe PID: 2072, 上一级进程 PID: 1368
ctfmon.exe PID: 2368, 上一级进程 PID: 2072
sudoku.exe PID: 2416, 上一级进程 PID: 1368
sudoku.exe PID: 2732, 上一级进程 PID: 1808
访问的文件
- \Device\KsecDD
- C:\Users\test\AppData\Local\Temp\SHFOLDER.DLL
- C:\Windows\System32\shfolder.dll
- \??\MountPointManager
- C:\Users\test\AppData\Local\Temp\
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Local\Temp\nsdB8D3.tmp
- C:\Users\test\AppData\Local\Temp\ntp2.exe
- C:\Users\test\AppData\Local\Temp\nsiB8E3.tmp
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\System.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\source.zip
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\tools.zip
- C:\Users\test\AppData\Roaming
- C:\Users\test\AppData\Roaming\Microsoft
- C:\Users\test\AppData\Roaming\Microsoft\Games
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku
- C:\
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\*.*
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsExec.dll
- \Device\NamedPipe\
- \Device\NamedPipe
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\ExecCmd.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.tmp
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\common.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\726914A4.dll
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\726914A4.dll
- C:\Users\test\AppData\Roaming\Microsoft\desktop.ini
- C:\Windows\SysWOW64\propsys.dll
- C:\Windows\sysnative\propsys.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev31B0.tmp
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\common.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\226ECBD4.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\45277BFA.dll
- C:\Users\test\AppData\Local\Temp\45277BFA.DLL
- C:\Windows\System32\45277BFA.DLL
- C:\Windows\system\45277BFA.DLL
- C:\Windows\45277BFA.DLL
- C:\ProgramData\Oracle\Java\javapath\45277BFA.DLL
- C:\Windows\System32\wbem\45277BFA.DLL
- C:\Windows\System32\WindowsPowerShell\v1.0\45277BFA.DLL
- C:\Program Files (x86)\WinRAR\45277BFA.DLL
- C:\Users\test\AppData\Local\Temp\45277BFA.dll
- C:\Users\test\AppData\Local\Temp\45277BFA.dll.tmp
- C:\Users\test\AppData\Local\Temp\4563268.cmd
- C:\Windows\SysWOW64\ieframe.dll
- \??\Volume{372941a4-1bd9-11e5-9838-806e6f6e6963}\
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sudoku.lnk
- C:\Users\desktop.ini
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsProcess.dll
- C:\Users\test\AppData\Local\Temp\3855021.cmd
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\*.*
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\*.*
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Windows\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Windows\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip dev4790.tmp -aoa.*
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Windows\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Windows\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 226ECBD4.dat -aoa.*
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
- C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Program Files (x86)\WinRAR\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Windows\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Windows\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 726914A4.dll -aoa.*
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Windows\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Windows\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip dev31B0.tmp -aoa.*
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\ProgramData\Oracle\Java\javapath\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Windows\System32\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Windows\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Windows\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Windows\System32\wbem\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Windows\System32\WindowsPowerShell\v1.0\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa
- C:\Program Files (x86)\WinRAR\system.exe x -p346iKce0XL tools.zip 45277BFA.dll -aoa.*
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\api-ms-win-core-synch-l1-2-0.dll
- C:\Users\test\.fltk\fltk.org\sudoku.prefs
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\*.dat
- C:\Users\test\AppData\Roaming\ntuser.dat
- C:\Users\test\AppData\Roaming\Adobe
- C:\Users\test\AppData\Roaming\adobesystem.log
- C:\Windows\System32\tzres.dll
- C:\Users\test\.fltk\fltk.org
- C:\Users\test\.fltk\
- C:\Users\test\.fltk
读取的文件
- \Device\KsecDD
- C:\Windows\System32\shfolder.dll
- C:\Users\test\AppData\Local\Temp\nsdB8D3.tmp
- C:\Users\test\AppData\Local\Temp\ntp2.exe
- C:\Users\test\AppData\Local\Temp\nsiB8E3.tmp
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\System.dll
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsExec.dll
- \Device\NamedPipe\
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\ExecCmd.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.tmp
- C:\
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Roaming
- C:\Users\test\AppData\Roaming\Microsoft\desktop.ini
- C:\Users\test\AppData\Roaming\Microsoft
- C:\Users\test\AppData\Roaming\Microsoft\Games
- C:\Users\test\AppData\Local\Temp\msi5279.tmp
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\726914A4.dll
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\726914A4.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev31B0.tmp
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\common.dat
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\common.dat
- C:\Users\test\AppData\Local\Temp\45277BFA.dll
- C:\Users\test\AppData\Local\Temp\4563268.cmd
- C:\Windows\SysWOW64\ieframe.dll
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sudoku.lnk
- C:\Users\desktop.ini
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsProcess.dll
- C:\Users\test\AppData\Local\Temp\3855021.cmd
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\source.zip
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\tools.zip
- C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\226ECBD4.dat
- C:\Users\test\.fltk\fltk.org\sudoku.prefs
- C:\Users\test\AppData\Roaming\ntuser.dat
- C:\Users\test\AppData\Roaming\adobesystem.log
- C:\Windows\System32\tzres.dll
修改的文件
- C:\Users\test\AppData\Local\Temp\nsiB8E3.tmp
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\System.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\source.zip
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\tools.zip
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsExec.dll
- \Device\NamedPipe
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\ExecCmd.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\726914A4.dll
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\common.dat
- C:\Users\test\AppData\Local\Temp\45277BFA.dll.tmp
- C:\Users\test\AppData\Local\Temp\4563268.cmd
- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sudoku.lnk
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsProcess.dll
- C:\Users\test\AppData\Local\Temp\3855021.cmd
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.tmp
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\226ECBD4.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\common.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\726914A4.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev31B0.tmp
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\api-ms-win-core-synch-l1-2-0.dll
- C:\Users\test\AppData\Roaming\ntuser.dat
- C:\Users\test\AppData\Roaming\adobesystem.log
- C:\Users\test\.fltk\fltk.org\sudoku.prefs
删除的文件
- C:\Users\test\AppData\Local\Temp\nsdB8D3.tmp
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\226ECBD4.dat
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
- C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\726914A4.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\726914A4.dll
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\common.dat
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev31B0.tmp
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\source.zip
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\tools.zip
- C:\Users\test\AppData\Local\Temp\msi5279.tmp\
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\ExecCmd.dll
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsExec.dll
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsProcess.dll
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\System.dll
- C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\
- C:\Users\test\AppData\Roaming\ntuser.dat
注册表键
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\nsExec.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ExecCmd.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
- HKEY_CLASSES_ROOT\.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\(Default)
- HKEY_CLASSES_ROOT\.dll\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice
- HKEY_CLASSES_ROOT\dllfile
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\SystemFileAssociations\.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\ShellEx\IconHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\NeverShowExt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll\(Default)
- HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\OverrideFileSystemProperties
- HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
- HKEY_CLASSES_ROOT\ExplorerCLSIDFlags\{66742402-F9B9-11D1-A202-0000F81FEDEE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
- HKEY_CLASSES_ROOT\Directory
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\PropertyHandler
- HKEY_CLASSES_ROOT\Folder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\PropertyHandler
- HKEY_CLASSES_ROOT\AllFilesystemObjects
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\PropertyHandler
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\MaxUndoItems
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\ntp2.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\ntp2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\{2F711B17-773C-41D4-93FA-7F23EDCECB66}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\{2F711B17-773C-41D4-93FA-7F23EDCECB66}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\{2F711B17-773C-41D4-93FA-7F23EDCECB66}
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount
- HKEY_CLASSES_ROOT\.tmp
- HKEY_CLASSES_ROOT\.tmp\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp
- HKEY_CLASSES_ROOT\Unknown
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\SystemFileAssociations\.tmp
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.tmp
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\ShellEx\PropertyHandler
- HKEY_CLASSES_ROOT\*
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\PropertyHandler
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
- HKEY_CLASSES_ROOT\.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
- HKEY_CLASSES_ROOT\.exe\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
- HKEY_CLASSES_ROOT\exefile
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
- HKEY_CLASSES_ROOT\.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\(Default)
- HKEY_CLASSES_ROOT\.dat\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\SystemFileAssociations\.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\NeverShowExt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\ShellEx\PropertyHandler
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
- HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\ntp2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
- HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
- HKEY_CLASSES_ROOT\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
- HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
- HKEY_CLASSES_ROOT\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
- HKEY_CLASSES_ROOT\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
- HKEY_CLASSES_ROOT\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
- HKEY_CLASSES_ROOT\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
- HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- HKEY_CLASSES_ROOT\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
- HKEY_CLASSES_ROOT\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
- HKEY_CLASSES_ROOT\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
- HKEY_CLASSES_ROOT\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}
- HKEY_CLASSES_ROOT\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
- HKEY_CLASSES_ROOT\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
- HKEY_CLASSES_ROOT\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
- HKEY_CLASSES_ROOT\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
- HKEY_CLASSES_ROOT\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
- HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Desktop
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Documents
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonPictures
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonMusic
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonVideo
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{DE92C1C7-837F-4F69-A3BB-86E631204A23}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Music
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Startup
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Programs
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\nsProcess.dll
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
- HKEY_CURRENT_USER\Software/i
- HKEY_CURRENT_USER\Software/i\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sudoku.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\sudoku.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\KnownNotForCtfmon
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\(Default)
- HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
读取的注册表键
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\nsExec.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ExecCmd.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dll\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.dll\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\MaxUndoItems
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\PerceivedType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\DocObject
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\BrowseInPlace
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\Content Type
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\IsShortcut
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\AlwaysShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dat\NeverShowExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\ntp2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{26EE0668-A00A-44D7-9371-BEB064C98683}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{031E4825-7B94-4DC3-B131-E946B44C8DD5}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{04731B67-D933-450A-90E6-4ACD2E9408FE}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{04731B67-D933-450A-90E6-4ACD2E9408FE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{11016101-E366-4D22-BC06-4ADA335C892B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{138508BC-1E03-49EA-9C8F-EA9E1D05D65D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{4336A54D-038B-4685-AB02-99BB52D3FB8B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{89D83576-6BD1-4C86-9454-BEB04E94C819}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9343812E-1C37-4A49-A12E-4B2D810D956B}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{9343812E-1C37-4A49-A12E-4B2D810D956B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B0FBD52D-C4A7-4A19-985D-11309D1AC8AE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E345F35F-9397-435C-8F95-4E922C26259E}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{E345F35F-9397-435C-8F95-4E922C26259E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Desktop
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Documents
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonPictures
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonMusic
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\CommonVideo
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{DE92C1C7-837F-4F69-A3BB-86E631204A23}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Music
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Startup
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders\Common Programs
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\nsProcess.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\(Default)
修改的注册表键
- HKEY_CURRENT_USER\Software/i
- HKEY_CURRENT_USER\Software/i\(Default)
删除的注册表键
无信息
API解析
- cryptbase.dll.SystemFunction036
- shfolder.dll.SHGetFolderPathA
- setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
- setupapi.dll.CM_Get_Device_Interface_List_ExW
- comctl32.dll.#386
- kernel32.dll.GetUserDefaultUILanguage
- system.dll.Call
- advapi32.dll.SystemFunction036
- cryptbase.dll.SystemFunction001
- cryptbase.dll.SystemFunction002
- cryptbase.dll.SystemFunction003
- cryptbase.dll.SystemFunction004
- cryptbase.dll.SystemFunction005
- cryptbase.dll.SystemFunction028
- cryptbase.dll.SystemFunction029
- cryptbase.dll.SystemFunction034
- cryptbase.dll.SystemFunction040
- cryptbase.dll.SystemFunction041
- system.dll.Free
- system.dll.Int64Op
- nsexec.dll.Exec
- kernel32.dll.IsWow64Process
- execcmd.dll.exec
- oleaut32.dll.#200
- comctl32.dll.#385
- propsys.dll.PSLookupPropertyHandlerCLSID
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegCloseKey
- propsys.dll.PSCreatePropertyStoreFromObject
- propsys.dll.#417
- oleaut32.dll.#6
- propsys.dll.PropVariantToStringAlloc
- propsys.dll.PSCreateMemoryPropertyStore
- propsys.dll.PropVariantToBuffer
- propsys.dll.PropVariantToUInt64
- propsys.dll.PropVariantToBoolean
- propsys.dll.InitPropVariantFromBuffer
- shell32.dll.#66
- comctl32.dll.#336
- comctl32.dll.#329
- comctl32.dll.#321
- comctl32.dll.#388
- comctl32.dll.#387
- comctl32.dll.#327
- oleaut32.dll.#500
- urlmon.dll.CreateUri
- kernel32.dll.InitializeSRWLock
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.AcquireSRWLockShared
- kernel32.dll.ReleaseSRWLockExclusive
- kernel32.dll.ReleaseSRWLockShared
- nsprocess.dll._CloseProcess
- ntdll.dll.NtQuerySystemInformation
- kernel32.dll.MoveFileExA
- ole32.dll.CoRevokeInitializeSpy
- advapi32.dll.UnregisterTraceGuids
- cryptsp.dll.CryptReleaseContext
- kernel32.dll.GetLargePageMinimum
- kernel32.dll.SetThreadUILanguage
- kernel32.dll.CopyFileExW
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.SetConsoleInputExeNameW
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsSetValue
- advapi32.dll.EventRegister
- kernel32.dll.FlsGetValue
- api-ms-win-core-localization-l1-2-1.dll.LCMapStringEx
- shell32.dll.CommandLineToArgvW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptCreateHash
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptDeriveKey
- cryptsp.dll.CryptSetKeyParam
- cryptsp.dll.CryptEncrypt
- kernel32.dll.Module32NextW
- ntdll.dll.NtOpenDirectoryObject
- ntdll.dll.NtQueryDirectoryObject
- ntdll.dll.RtlInitUnicodeString
- kernel32.dll.GetModuleHandleW
- kernel32.dll.ExitProcess
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalAlloc
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetProcAddress
- kernel32.dll.lstrcpyA
- kernel32.dll.GetVersionExA
- kernel32.dll.GlobalLock
- kernel32.dll.GetStartupInfoA
- comctl32.dll._TrackMouseEvent
- gdi32.dll.SetDIBitsToDevice
- gdi32.dll.CreateBitmap
- gdi32.dll.ExtCreatePen
- gdi32.dll.Pie
- gdi32.dll.Arc
- gdi32.dll.PolyPolygon
- gdi32.dll.Polyline
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.DeleteDC
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.BitBlt
- gdi32.dll.GetClipBox
- gdi32.dll.GetDCOrgEx
- gdi32.dll.EqualRgn
- gdi32.dll.GetRgnBox
- gdi32.dll.RectInRegion
- gdi32.dll.SelectClipRgn
- gdi32.dll.Polygon
- gdi32.dll.SetPixel
- gdi32.dll.MoveToEx
- gdi32.dll.LineTo
- gdi32.dll.GetDeviceCaps
- gdi32.dll.CreatePalette
- gdi32.dll.SelectPalette
- gdi32.dll.RealizePalette
- gdi32.dll.CreateSolidBrush
- gdi32.dll.GetStockObject
- gdi32.dll.CreatePen
- gdi32.dll.SetTextColor
- gdi32.dll.TextOutA
- gdi32.dll.CreateFontA
- gdi32.dll.SelectObject
- gdi32.dll.GetTextMetricsA
- gdi32.dll.GetCharWidthA
- gdi32.dll.RestoreDC
- gdi32.dll.SaveDC
- gdi32.dll.SetTextAlign
- gdi32.dll.SetBkMode
- gdi32.dll.UpdateColors
- gdi32.dll.CreateRectRgn
- gdi32.dll.CombineRgn
- gdi32.dll.DeleteObject
- gdi32.dll.GdiFlush
- msvcrt.dll._getcwd
- msvcrt.dll.qsort
- msvcrt.dll.strstr
- msvcrt.dll._strnicmp
- msvcrt.dll.strerror
- msvcrt.dll._controlfp
- msvcrt.dll._except_handler3
- msvcrt.dll.__set_app_type
- msvcrt.dll.__p__fmode
- msvcrt.dll.__p__commode
- msvcrt.dll._adjust_fdiv
- msvcrt.dll.__setusermatherr
- msvcrt.dll._initterm
- msvcrt.dll.__getmainargs
- msvcrt.dll._acmdln
- msvcrt.dll._XcptFilter
- msvcrt.dll._exit
- msvcrt.dll._onexit
- msvcrt.dll.__dllonexit
- msvcrt.dll.strtod
- msvcrt.dll.abort
- msvcrt.dll._errno
- msvcrt.dll.fseek
- msvcrt.dll.fscanf
- msvcrt.dll.getc
- msvcrt.dll.fread
- msvcrt.dll.longjmp
- msvcrt.dll.__CxxLongjmpUnwind
- msvcrt.dll._setjmp3
- msvcrt.dll.sqrt
- msvcrt.dll.fabs
- msvcrt.dll.floor
- msvcrt.dll.isxdigit
- msvcrt.dll.isalnum
- msvcrt.dll.localeconv
- msvcrt.dll.strtol
- msvcrt.dll.__mb_cur_max
- msvcrt.dll._isctype
- msvcrt.dll._pctype
- msvcrt.dll.strncpy
- msvcrt.dll.sin
- msvcrt.dll.cos
- msvcrt.dll._stricmp
- msvcrt.dll._putenv
- msvcrt.dll.sscanf
- msvcrt.dll.log
- msvcrt.dll.calloc
- msvcrt.dll.rewind
- msvcrt.dll.ftell
- msvcrt.dll.bsearch
- msvcrt.dll.__p___argc
- msvcrt.dll.__p___argv
- msvcrt.dll._iob
- msvcrt.dll.tolower
- msvcrt.dll.pow
- msvcrt.dll.exit
- msvcrt.dll.memcmp
- msvcrt.dll.strcat
- msvcrt.dll.strncmp
- msvcrt.dll.fwrite
- msvcrt.dll.fputc
- msvcrt.dll.strcpy
- msvcrt.dll._access
- msvcrt.dll._mkdir
- msvcrt.dll.fprintf
- msvcrt.dll.__CxxFrameHandler
- msvcrt.dll.??3@YAXPAX@Z
- msvcrt.dll.??2@YAPAXI@Z
- msvcrt.dll.atoi
- msvcrt.dll.time
- msvcrt.dll.sprintf
- msvcrt.dll.memset
- msvcrt.dll.rand
- msvcrt.dll.srand
- msvcrt.dll._purecall
- msvcrt.dll.free
- msvcrt.dll._strdup
- msvcrt.dll.toupper
- msvcrt.dll.islower
- msvcrt.dll.isupper
- msvcrt.dll.isalpha
- msvcrt.dll.realloc
- msvcrt.dll._ftol
- msvcrt.dll.memcpy
- msvcrt.dll.strcmp
- msvcrt.dll.malloc
- msvcrt.dll.abs
- msvcrt.dll.memmove
- msvcrt.dll.strrchr
- msvcrt.dll.isspace
- msvcrt.dll.ceil
- msvcrt.dll.strlen
- msvcrt.dll.atof
- msvcrt.dll.strchr
- msvcrt.dll.isdigit
- msvcrt.dll.getenv
- msvcrt.dll.fclose
- msvcrt.dll.strcspn
- msvcrt.dll.fgets
- msvcrt.dll.fopen
- ole32.dll.OleUninitialize
- ole32.dll.RegisterDragDrop
- ole32.dll.OleInitialize
- ole32.dll.ReleaseStgMedium
- ole32.dll.DoDragDrop
- shell32.dll.DragQueryFileA
- user32.dll.SetTimer
- user32.dll.KillTimer
- user32.dll.SetWindowTextA
- user32.dll.ClientToScreen
- user32.dll.SetCapture
- user32.dll.RegisterClassExA
- user32.dll.BringWindowToTop
- user32.dll.OpenIcon
- user32.dll.IsIconic
- user32.dll.LoadIconA
- user32.dll.DestroyWindow
- user32.dll.PostMessageA
- user32.dll.CloseClipboard
- user32.dll.SetClipboardData
- user32.dll.EmptyClipboard
- user32.dll.OpenClipboard
- user32.dll.GetClipboardOwner
- user32.dll.ShowWindow
- user32.dll.DispatchMessageA
- user32.dll.TranslateMessage
- user32.dll.PeekMessageA
- user32.dll.MsgWaitForMultipleObjects
- user32.dll.SystemParametersInfoA
- user32.dll.GetCursorPos
- user32.dll.GetClipboardData
- user32.dll.GetSystemMetrics
- user32.dll.AdjustWindowRectEx
- user32.dll.GetWindowLongA
- user32.dll.SetWindowPos
- user32.dll.CreateWindowExA
- user32.dll.RegisterWindowMessageA
- user32.dll.ReleaseCapture
- user32.dll.LoadCursorA
- user32.dll.DefWindowProcA
- user32.dll.InvalidateRect
- user32.dll.SetCursor
- user32.dll.GetKeyState
- user32.dll.GetAsyncKeyState
- user32.dll.ValidateRgn
- user32.dll.InvalidateRgn
- user32.dll.GetUpdateRgn
- user32.dll.PostQuitMessage
- user32.dll.SetActiveWindow
- user32.dll.GetSysColor
- user32.dll.MessageBoxA
- user32.dll.SetForegroundWindow
- user32.dll.WindowFromPoint
- user32.dll.OffsetRect
- user32.dll.IntersectRect
- user32.dll.GetWindowPlacement
- user32.dll.GetWindowRect
- user32.dll.MessageBeep
- user32.dll.FillRect
- user32.dll.ReleaseDC
- user32.dll.GetDC
- wsock32.dll.#18
- wsock32.dll.#151
- user32.dll.EnumDisplayMonitors
- user32.dll.MonitorFromWindow
- user32.dll.MonitorFromRect
- user32.dll.MonitorFromPoint
- user32.dll.GetMonitorInfoA
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- sechost.dll.ConvertSidToStringSidW
- sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- advapi32.dll.CreateWellKnownSid
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- rpcrt4.dll.RpcBindingSetAuthInfoExW
- sechost.dll.LookupAccountNameLocalW
- rpcrt4.dll.NdrClientCall2
- rpcrt4.dll.RpcBindingFree
- kernel32.dll.GetStdHandle
- cryptsp.dll.CryptDestroyHash
- cryptsp.dll.CryptDecrypt
- cryptsp.dll.CryptDestroyKey
- kernel32.dll.GetLastError
- kernel32.dll.GetFileSizeEx
- kernel32.dll.SetFilePointerEx
- kernel32.dll.GetTimeZoneInformation
- kernel32.dll.GetVersionExW
- kernel32.dll.GetCurrentProcess
- kernel32.dll.VirtualProtect
- kernel32.dll.IsBadWritePtr
- kernel32.dll.LoadLibraryA
- kernel32.dll.VirtualAlloc
- kernel32.dll.VirtualFree
- kernel32.dll.Sleep
- kernel32.dll.CreateDirectoryW
- kernel32.dll.GetComputerNameA
- kernel32.dll.GetFileSize
- kernel32.dll.LoadLibraryW
- kernel32.dll.GetDateFormatA
- kernel32.dll.lstrcatW
- kernel32.dll.SetFileAttributesW
- kernel32.dll.RaiseException
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.GetFileAttributesW
- kernel32.dll.GetTimeFormatA
- kernel32.dll.lstrlenA
- kernel32.dll.SetEndOfFile
- kernel32.dll.SetFilePointer
- kernel32.dll.lstrlenW
- kernel32.dll.ReadFile
- kernel32.dll.FlushFileBuffers
- kernel32.dll.GetTickCount
- kernel32.dll.GetSystemTime
- kernel32.dll.GetTempFileNameW
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.WriteConsoleW
- kernel32.dll.GetConsoleMode
- kernel32.dll.GetConsoleCP
- kernel32.dll.EnterCriticalSection
- kernel32.dll.CreateProcessW
- kernel32.dll.CreateThread
- kernel32.dll.CloseHandle
- kernel32.dll.ExitThread
- kernel32.dll.CreateFileW
- kernel32.dll.SetStdHandle
- kernel32.dll.HeapSize
- kernel32.dll.GetFileType
- kernel32.dll.GetProcessHeap
- kernel32.dll.FreeEnvironmentStringsW
- kernel32.dll.GetEnvironmentStringsW
- kernel32.dll.GetCommandLineW
- kernel32.dll.GetCommandLineA
- kernel32.dll.GetCPInfo
- kernel32.dll.GetOEMCP
- kernel32.dll.IsValidCodePage
- kernel32.dll.FindFirstFileExA
- kernel32.dll.LCMapStringW
- kernel32.dll.GetTempPathW
- kernel32.dll.WriteFile
- kernel32.dll.GetStringTypeW
- kernel32.dll.GetACP
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GetModuleHandleExW
- kernel32.dll.LoadLibraryExW
- kernel32.dll.FreeLibrary
- kernel32.dll.TlsFree
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsGetValue
- kernel32.dll.TlsAlloc
- kernel32.dll.InitializeCriticalSectionAndSpinCount
- kernel32.dll.RtlUnwind
- kernel32.dll.InterlockedFlushSList
- kernel32.dll.GetStartupInfoW
- kernel32.dll.InitializeSListHead
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.IsProcessorFeaturePresent
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.SystemTimeToFileTime
- kernel32.dll.CompareFileTime
- kernel32.dll.CreateFileA
- kernel32.dll.FindNextFileA
- kernel32.dll.IsBadStringPtrW
- kernel32.dll.IsBadReadPtr
- kernel32.dll.IsBadStringPtrA
- kernel32.dll.SearchPathW
- kernel32.dll.lstrcmpiA
- kernel32.dll.lstrcmpiW
- kernel32.dll.OpenProcess
- kernel32.dll.TerminateProcess
- kernel32.dll.GetHandleInformation
- kernel32.dll.FindClose
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.HeapCreate
- kernel32.dll.HeapFree
- kernel32.dll.SetLastError
- kernel32.dll.HeapValidate
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetProcessHeaps
- kernel32.dll.HeapSetInformation
- kernel32.dll.HeapAlloc
- kernel32.dll.lstrcpynW
- kernel32.dll.lstrcpynA
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.DeleteCriticalSection
- user32.dll.GetWindowTextW
- user32.dll.IsClipboardFormatAvailable
- user32.dll.SendMessageA
- user32.dll.RegisterRawInputDevices
- user32.dll.GetForegroundWindow
- user32.dll.ToUnicodeEx
- user32.dll.AttachThreadInput
- user32.dll.GetRawInputData
- user32.dll.ChangeClipboardChain
- user32.dll.DispatchMessageW
- user32.dll.GetKeyboardState
- user32.dll.RegisterClassExW
- user32.dll.CreateWindowExW
- user32.dll.SetClipboardViewer
- user32.dll.DefWindowProcW
- user32.dll.GetMessageW
- user32.dll.GetWindowTextLengthW
- user32.dll.GetWindowThreadProcessId
- advapi32.dll.GetSidSubAuthorityCount
- advapi32.dll.GetSidSubAuthority
- advapi32.dll.OpenProcessToken
- advapi32.dll.GetUserNameW
- advapi32.dll.GetTokenInformation
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegOpenKeyExA
- shell32.dll.SHGetFolderPathW
- winscard.dll.SCardConnectW
- winscard.dll.SCardStatusW
- winscard.dll.SCardFreeMemory
- winscard.dll.SCardListReadersW
- winscard.dll.SCardReleaseContext
- winscard.dll.SCardEstablishContext
- winscard.dll.SCardDisconnect
- netapi32.dll.NetUserGetInfo
- netapi32.dll.NetApiBufferFree
- crypt32.dll.CryptBinaryToStringA
- wininet.dll.HttpSendRequestA
- wininet.dll.HttpSendRequestExA
- wininet.dll.HttpEndRequestA
- wininet.dll.InternetWriteFile
- wininet.dll.HttpAddRequestHeadersW
- wininet.dll.InternetTimeToSystemTimeW
- wininet.dll.InternetSetOptionW
- wininet.dll.InternetConnectW
- wininet.dll.InternetCreateUrlW
- wininet.dll.InternetCloseHandle
- wininet.dll.HttpSendRequestW
- wininet.dll.HttpAddRequestHeadersA
- wininet.dll.InternetCrackUrlW
- wininet.dll.HttpQueryInfoW
- wininet.dll.InternetOpenW
- wininet.dll.InternetSetStatusCallbackW
- wininet.dll.HttpQueryInfoA
- wininet.dll.InternetQueryOptionW
- wininet.dll.HttpOpenRequestW
- wininet.dll.InternetReadFile
- ntdll.dll.NtDeleteFile
- ntdll.dll.RtlDosPathNameToNtPathName_U
- ntdll.dll.RtlFreeUnicodeString
- ntdll.dll.ZwOpenProcess
- ws2_32.dll.#111
- ws2_32.dll.#115
- ws2_32.dll.#3
- ws2_32.dll.WSAIoctl
- ws2_32.dll.#23
- shlwapi.dll.StrChrW
- shlwapi.dll.StrToIntW
- shlwapi.dll.StrStrA
- shlwapi.dll.StrStrIW
- shlwapi.dll.PathSkipRootW
- shlwapi.dll.StrCmpNIA
- shlwapi.dll.StrCmpNIW
- shlwapi.dll.StrStrW
- shlwapi.dll.StrCpyW
- shlwapi.dll.ChrCmpIW
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.QueryServiceConfigW
- sechost.dll.CloseServiceHandle
- winsta.dll.WinStationRegisterNotificationEvent
- rpcrt4.dll.RpcAsyncInitializeHandle
- rpcrt4.dll.NdrAsyncClientCall
- winsta.dll.WinStationIsSessionRemoteable
- wtsapi32.dll.WTSQuerySessionInformationW
- winsta.dll.WinStationQueryInformationW
- wtsapi32.dll.WTSFreeMemory
- kernel32.dll.GetNativeSystemInfo
- oleaut32.dll.SysAllocString
- oleaut32.dll.SysStringLen
- oleaut32.dll.SysFreeString
- rasapi32.dll.RasConnectionNotificationW
- sechost.dll.NotifyServiceStatusChangeA
- ncrypt.dll.SslFreeObject
- sechost.dll.OpenServiceA