"summary": { "file_created": [ "C:\\Docu

1.  
2. "summary": {
3. "file_created": [
4. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018022320180224\\index.dat",
5. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021220180219\\index.dat"
6. ],
7. "regkey_written": [
8. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{E2E2DD38-D088-4134-82B7-F2BA38496583}\\iexplore\\Type",
9. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\MRUListEx",
10. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CachePrefix",
11. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\shimgvw.dll",
12. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheOptions",
13. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CachePrefix",
14. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
15. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CachePath",
16. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7004",
17. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7005",
18. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\Locked",
19. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7001",
20. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheRepair",
21. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
22. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\mspaint.exe",
23. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheLimit",
24. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\NOTEPAD.EXE",
25. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\Program Files\\Windows NT\\Accessories\\WORDPAD.EXE",
26. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{E2E2DD38-D088-4134-82B7-F2BA38496583}\\iexplore\\Time",
27. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{ef61f5f0-1227-11e8-94f0-806d6172696f}\\BaseClass",
28. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{E2E2DD38-D088-4134-82B7-F2BA38496583}\\iexplore\\Count",
29. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheRepair",
30. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\NodeSlots",
31. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@%SystemRoot%\\system32\\usmt\\migwiz.exe,-203",
32. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
33. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheLimit",
34. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CachePath",
35. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{ef61f5f2-1227-11e8-94f0-806d6172696f}\\BaseClass",
36. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\MRUListEx",
37. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheOptions",
38. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\Program Files\\Internet Explorer\\iexplore.exe"
39. ],
40. "dll_loaded": [
41. "C:\\WINDOWS\\system32\\IMM32.DLL",
42. "C:\\WINDOWS\\system32\\SHELL32.dll",
43. "urlmon.dll",
44. "xpsp2res.dll",
45. "UxTheme.dll",
46. "oleaut32.dll",
47. "C:\\WINDOWS\\system32\\browselc.dll",
48. "USER32.DLL",
49. "C:\\WINDOWS\\system32\\shdoclc.dll",
50. "C:\\WINDOWS\\system32\\shell32.dll",
51. "URLMON.DLL",
52. "SHDOCVW.dll",
53. "WININET.dll",
54. "BROWSEUI.dll",
55. "explorer.exe",
56. "OLE32",
57. "MLANG.dll",
58. "ole32.dll",
59. "comctl32.dll",
60. "IMM32.DLL",
61. "shdocvw.dll",
62. "C:\\WINDOWS\\system32\\urlmon.dll",
63. "SHELL32.DLL",
64. "uxtheme.dll",
65. "OLEAUT32.dll",
66. "mlang.dll",
67. "SHELL32.dll",
68. "COMCTL32.dll",
69. "VERSION.dll",
70. "appHelp.dll",
71. "C:\\WINDOWS\\system32\\uxtheme.dll",
72. "OLEAUT32",
73. "shell32.dll",
74. "OLE32.DLL",
75. "SETUPAPI.dll"
76. ],
77. "file_opened": [
78. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Python 2.7\\Python (command line).lnk",
79. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021220180219\\index.dat",
80. "C:\\WINDOWS\\explorer.exe",
81. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018022320180224\\index.dat",
82. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\index.dat",
83. "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE",
84. "C:\\WINDOWS\\system32\\shell32.dll",
85. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\MSN.lnk",
86. "C:\\WINDOWS\\system32\\mspaint.exe",
87. "C:\\Python27\\python.exe",
88. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test",
89. "C:\\Documents and Settings\\user\\Local Settings\\History\\desktop.ini",
90. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\index.dat",
91. "C:\\WINDOWS\\system32\\shimgvw.dll",
92. "C:\\Documents and Settings\\user\\Desktop",
93. "C:\\WINDOWS\\system32\\url.dll",
94. "C:\\WINDOWS\\system32\\comctl32.dll",
95. "C:\\WINDOWS\\system32\\usmt\\migwiz.exe",
96. "C:\\WINDOWS\\system32\\notepad.exe",
97. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Files and Settings Transfer Wizard.lnk",
98. "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
99. "C:\\WINDOWS\\system32\\mshtml.dll",
100. "C:\\WINDOWS\\system32\\cscui.dll"
101. ],
102. "regkey_opened": [
103. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\rundll32.exe",
104. "HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\about\\",
105. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\International",
106. "HKEY_CLASSES_ROOT\\Directory",
107. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
108. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\",
109. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\P3Global",
110. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
111. "HKEY_CLASSES_ROOT\\Applications\\msimn.exe",
112. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
113. "HKEY_CLASSES_ROOT\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}",
114. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386",
115. "HKEY_CLASSES_ROOT\\Applications\\faxcover.exe",
116. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\moviemk.exe\\shell",
117. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK",
118. "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
119. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
120. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
121. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
122. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
123. "HKEY_CLASSES_ROOT\\Applications\\cag.exe",
124. "HKEY_CLASSES_ROOT\\\u0004",
125. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDON_MANAGEMENT",
126. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\ShellEx\\IconHandler",
127. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\iexplore.exe",
128. "HKEY_CLASSES_ROOT\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32",
129. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\navwnt.exe\\shell",
130. "HKEY_CLASSES_ROOT\\.",
131. "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
132. "HKEY_CLASSES_ROOT\\*",
133. "HKEY_CLASSES_ROOT\\Applications\\wab.exe",
134. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
135. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}",
136. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
137. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_AnchorsMarkedVisited_KB918965",
138. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\LocalServer",
139. "HKEY_CLASSES_ROOT\\Applications\\WB32.EXE",
140. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell",
141. "HKEY_CLASSES_ROOT\\Applications\\explorer.exe",
142. "HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\MenuPopup\\.current",
143. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\CurVer",
144. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
145. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache",
146. "HKEY_CLASSES_ROOT\\Applications\\ARTGALRY.EXE",
147. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
148. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
149. "HKEY_CLASSES_ROOT\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\\InProcServer32",
150. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mobsync.exe\\(Default)",
151. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
152. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL",
153. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\WINWORD.EXE\\shell",
154. "HKEY_CLASSES_ROOT\\Applications\\wpnpinst.exe",
155. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\ShellEx\\IconHandler",
156. "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\C",
157. "HKEY_CLASSES_ROOT\\CLSID\\{750FDF0E-2A26-11D1-A3EA-080036587F03}\\InProcServer32",
158. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\Floppy Access",
159. "HKEY_CLASSES_ROOT\\Applications\\dsquery.dll",
160. "HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text/plain",
161. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Toolbar",
162. "HKEY_CLASSES_ROOT\\Applications\\shdocvw.dll",
163. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\TaskbarExceptionsIcons",
164. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
165. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\OpenWithList",
166. "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11cf-8FD0-00AA00686F13}\\Implemented Categories\\{00021490-0000-0000-C000-000000000046}",
167. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
168. "HKEY_CLASSES_ROOT\\OpenWithList",
169. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Styles",
170. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
171. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID",
172. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\{10DF43C8-1DBE-11D3-8B34-006097DF5BD4}",
173. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
174. "HKEY_CLASSES_ROOT\\Applications\\Ttxmpc97.exe",
175. "HKEY_CLASSES_ROOT\\Applications\\depends.exe",
176. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
177. "HKEY_CLASSES_ROOT\\Applications\\inoculan.exe",
178. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{00021500-0000-0000-C000-000000000046}",
179. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}",
180. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\blank",
181. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell\\open\\command",
182. "HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics",
183. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings",
184. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
185. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
186. "HKEY_CLASSES_ROOT\\CLSID\\{BDEADE7F-C265-11d0-BCED-00A0C90AB50F}\\Implemented Categories\\{00021494-0000-0000-C000-000000000046}",
187. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
188. "HKEY_CLASSES_ROOT\\Applications\\CChat.exe",
189. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
190. "HKEY_CLASSES_ROOT\\Applications\\grpconv.exe",
191. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{E2E2DD38-D088-4134-82B7-F2BA38496583}",
192. "HKEY_CLASSES_ROOT\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder",
193. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLOSE_EMPTY_BROWSER_KB920982",
194. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
195. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
196. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
197. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
198. "HKEY_CLASSES_ROOT\\Applications\\mshta.exe",
199. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
200. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
201. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
202. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
203. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\LocalServer32",
204. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\DefaultIcon",
205. "HKEY_CLASSES_ROOT\\Applications\\mobsync.exe",
206. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
207. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International",
208. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
209. "HKEY_CLASSES_ROOT\\Applications\\zipfldr.dll",
210. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\{000214F9-0000-0000-C000-000000000046}",
211. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
212. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\0",
213. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTELLIFORMS_ALTERNATE_RELEASE_KB924301",
214. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
215. "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Explorer\\AutoComplete",
216. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
217. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.",
218. "HKEY_CLASSES_ROOT\\Applications\\mspaint.exe",
219. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\New Windows",
220. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\navwnt.exe\\(Default)",
221. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\MediaTypeClass",
222. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\InprocServerX86",
223. "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
224. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f0-1227-11e8-94f0-806d6172696f}\\",
225. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\moviemk.exe\\shell\\open",
226. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell",
227. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{FF393560-C2A7-11CF-BFF4-444553540000}",
228. "HKEY_CLASSES_ROOT\\Applications",
229. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\sndvol32.exe\\shell",
230. "HKEY_CLASSES_ROOT\\Applications\\wordpad.exe",
231. "HKEY_CLASSES_ROOT\\.htm",
232. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
233. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\InprocHandlerX86",
234. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\Clsid",
235. "HKEY_CLASSES_ROOT\\Applications\\WINWORD.EXE",
236. "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
237. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}",
238. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
239. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
240. "HKEY_CLASSES_ROOT\\Applications\\msrating.dll",
241. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\ShellEx\\IconHandler",
242. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
243. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServerX86",
244. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
245. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\icwconn1.exe\\shell",
246. "HKEY_CLASSES_ROOT\\Folder",
247. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell\\open\\command",
248. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell",
249. "HKEY_CLASSES_ROOT\\Applications\\ORGCHART.EXE",
250. "HKEY_CLASSES_ROOT\\Applications\\cryptext.dll",
251. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Url History",
252. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\(Default)",
253. "HKEY_CLASSES_ROOT\\Applications\\shell32.dll",
254. "HKEY_CLASSES_ROOT\\.html",
255. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\(Default)",
256. "HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\",
257. "HKEY_CLASSES_ROOT\\Applications\\CMMGR32.EXE",
258. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\(Default)",
259. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\icwconn1.exe\\(Default)",
260. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{E2E2DD38-D088-4134-82B7-F2BA38496583}\\iexplore",
261. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\1\\Shell\\Inherit",
262. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\windows\\CurrentVersion\\Explorer\\AutoComplete",
263. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\TreatAs",
264. "HKEY_CLASSES_ROOT\\SystemFileAssociations\\text",
265. "HKEY_CLASSES_ROOT\\Applications\\perfmon.exe",
266. "HKEY_LOCAL_MACHINE\\System\\Setup",
267. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
268. "HKEY_CLASSES_ROOT\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
269. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU",
270. "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
271. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
272. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell",
273. "HKEY_CLASSES_ROOT\\Applications\\sndvol32.exe",
274. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
275. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\shell\\edit",
276. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
277. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
278. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
279. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\OpenWithProgids",
280. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
281. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
282. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING",
283. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FILEPROTOCOL_NOFINDFIRST_KB947853",
284. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\(Default)",
285. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation",
286. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocHandler32",
287. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
288. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\ShellEx\\{00021500-0000-0000-C000-000000000046}",
289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Extensions\\{E2E2DD38-D088-4134-82B7-F2BA38496583}",
291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Extensions\\CmdMapping",
292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowseNewProcess",
293. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\(Default)",
294. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\Progid",
295. "HKEY_CLASSES_ROOT\\Applications\\icwconn1.exe",
296. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\AppLogLevels",
297. "HKEY_CLASSES_ROOT\\Applications\\shscrap.dll",
298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\4\\Shell\\Inherit",
299. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_VALIDATE_NAVIGATE_URL",
300. "HKEY_CLASSES_ROOT\\Applications\\drwatson.exe",
301. "HKEY_LOCAL_MACHINE\\System\\WPA\\PnP",
302. "HKEY_CLASSES_ROOT\\Applications\\python.exe",
303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\(Default)",
304. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Extensions",
305. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003",
306. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Printing",
307. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\InprocHandler32",
308. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
309. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
310. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\(Default)",
311. "HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\*\\",
312. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
313. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents",
314. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\(Default)",
315. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
317. "HKEY_CLASSES_ROOT\\Applications\\notepad.exe",
318. "HKEY_CLASSES_ROOT\\Applications\\Outlook.EXE",
319. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\C",
320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217",
321. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mobsync.exe\\shell",
322. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\DefaultIcon",
323. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
324. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
325. "HKEY_CURRENT_USER\\software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
326. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",
327. "HKEY_CLASSES_ROOT\\Applications\\finder.exe",
328. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
329. "HKEY_CLASSES_ROOT\\Applications\\helpctr.exe",
330. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
331. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
332. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f2-1227-11e8-94f0-806d6172696f}\\",
334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224",
335. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell",
336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\",
337. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_COMPLETE_PROGRESSBAR_ONFLASH_925973",
338. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\inoculan.exe\\shell",
339. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shell",
340. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\(Default)",
341. "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{ef61f5f0-1227-11e8-94f0-806d6172696f}\\",
343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\LocalizedResourceName",
344. "HKEY_CLASSES_ROOT\\exefile",
345. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\realmon.exe\\(Default)",
346. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\LocalServer32",
347. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_GET_URL_DOM_FILEPATH_UNENCODED",
348. "HKEY_CLASSES_ROOT\\Applications\\OSA.EXE",
349. "HKEY_CLASSES_ROOT\\Applications\\accwiz.exe",
350. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ratings",
351. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS",
352. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING",
353. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell\\open",
354. "HKEY_CLASSES_ROOT\\Applications\\datainst.exe",
355. "HKEY_CLASSES_ROOT\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
356. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell\\open",
357. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\InprocServer32",
358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}",
359. "HKEY_CLASSES_ROOT\\Applications\\msiexec.exe",
360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
361. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\(Default)",
362. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main",
363. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING",
364. "HKEY_CLASSES_ROOT\\Applications\\rnaui.dll",
365. "HKEY_CLASSES_ROOT\\.lnk",
366. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Version Vector",
367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
369. "HKEY_CLASSES_ROOT\\Applications\\regedit.exe",
370. "HKEY_CLASSES_ROOT\\Applications\\shimgvw.dll",
371. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_VALIDATE_URLHOSTNAME",
372. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}",
373. "HKEY_CLASSES_ROOT\\Applications\\mplayer.exe",
374. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\Offline Files",
375. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\TreatAs",
376. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocHandlerX86",
377. "HKEY_CLASSES_ROOT\\Applications\\moviemk.exe",
378. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
379. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{21EC2020-3AEA-1069-A2DD-08002B30309D}",
380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\(Default)",
381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts\\3",
382. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\PhotoSupport",
383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
384. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt",
387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam",
388. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers",
389. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowseNewProcess",
390. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}",
391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
392. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\edit\\command",
393. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\open",
394. "HKEY_CLASSES_ROOT\\Applications\\hh.exe",
395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\8\\Shell\\Inherit",
396. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}",
397. "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings",
398. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}",
399. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\blank",
400. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
401. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell\\open",
402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{ef61f5f2-1227-11e8-94f0-806d6172696f}\\",
404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
405. "HKEY_CLASSES_ROOT\\Applications\\WScript.exe",
406. "HKEY_CLASSES_ROOT\\Applications\\HYPERTRM.EXE",
407. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547",
408. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
409. "HKEY_LOCAL_MACHINE\\Software\\Clients\\News",
410. "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MiniNT",
411. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\Lang0409",
412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer",
413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags\\AllFolders\\Shell",
414. "HKEY_CLASSES_ROOT\\Applications\\inetcpl.cpl",
415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SmallIcons",
416. "HKEY_CLASSES_ROOT\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\shell",
417. "HKEY_CLASSES_ROOT\\Applications\\realmon.exe",
418. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\P3Sites",
419. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\New Windows",
420. "HKEY_CLASSES_ROOT\\Applications\\wltmime.exe",
421. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell\\open",
422. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
423. "HKEY_CLASSES_ROOT\\Applications\\cdfview.dll",
424. "HKEY_CLASSES_ROOT\\Applications\\clipbrd.exe",
425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm",
427. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\(Default)",
428. "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Url History",
429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219",
430. "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
431. "HKEY_CLASSES_ROOT\\Applications\\netshell.dll",
432. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Extensions\\{E2E2DD38-D088-4134-82B7-F2BA38496583}",
433. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
435. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU",
437. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
438. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION",
439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
440. "HKEY_CLASSES_ROOT\\Applications\\url.dll",
441. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
442. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\(Default)",
443. "HKEY_CLASSES_ROOT\\Applications\\rasphone.exe",
444. "HKEY_CLASSES_ROOT\\SystemFileAssociations\\application",
445. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
446. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Shell\\Bags\\AllFolders\\Shell",
447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts",
448. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
450. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\realmon.exe\\shell",
451. "HKEY_CLASSES_ROOT\\.exe",
452. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
453. "HKEY_CLASSES_ROOT\\Applications\\graflink.exe",
454. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell",
455. "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.htm",
456. "HKEY_CLASSES_ROOT\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
457. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer",
458. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
459. "HKEY_CURRENT_USER",
460. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\shell\\edit\\command",
461. "HKEY_CLASSES_ROOT\\Applications\\navwnt.exe",
462. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
463. "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
464. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Performance",
465. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell\\open\\command",
466. "HKEY_CLASSES_ROOT\\http\\DefaultIcon",
467. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions",
468. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}",
469. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
470. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32",
471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\ShellBrowser",
472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion",
473. "HKEY_CLASSES_ROOT\\SystemFileAssociations\\.",
474. "HKEY_CLASSES_ROOT\\Applications\\msconf.dll",
475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams",
476. "HKEY_CLASSES_ROOT\\Applications\\themes.exe",
477. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\moviemk.exe\\(Default)",
478. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SECURITYBAND",
479. "HKEY_CLASSES_ROOT\\Applications\\fontview.exe",
480. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}",
482. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\",
483. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings",
484. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ACTIVEXINSTALL",
485. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{E2E2DD38-D088-4134-82B7-F2BA38496583}",
486. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Shell\\(Default)",
487. "HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
488. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell\\open\\command",
489. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\\(Default)",
490. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}",
491. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\DocObject",
492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder",
493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
494. "HKEY_CLASSES_ROOT\\Applications\\snapview.exe",
495. "HKEY_CLASSES_ROOT\\Applications\\awdvstub.exe",
496. "HKEY_CLASSES_ROOT\\Applications\\MSInfo32.exe",
497. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}",
498. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_POPUPMANAGEMENT",
499. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
500. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
501. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}",
502. "HKEY_CLASSES_ROOT\\lnkfile",
503. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
505. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\shell\\edit",
506. "HKEY_CLASSES_ROOT\\Applications\\winhlp32.exe",
507. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
508. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main",
509. "HKEY_CURRENT_USER\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}",
510. "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
512. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell",
513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar",
514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
515. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell\\open",
516. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
517. "HKEY_CURRENT_USER\\CLSID\\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\\InProcServer32",
518. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\WINWORD.EXE\\(Default)",
519. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell\\open\\command",
520. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
521. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\IEAK",
522. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
523. "HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\C\\",
524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0",
525. "HKEY_CURRENT_USER\\CLSID\\{0002DF01-0000-0000-C000-000000000046}",
526. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}",
527. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\inoculan.exe\\(Default)",
528. "HKEY_CURRENT_USER\\Control Panel\\International",
529. "HKEY_CURRENT_USER\\(Default)",
530. "HKEY_CLASSES_ROOT\\Applications\\ntbackup.exe",
531. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
532. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SmallIcons",
533. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
534. "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\",
535. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS",
536. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\Clsid",
537. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1",
538. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\sndvol32.exe\\(Default)",
539. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\TypedURLs",
540. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\edit",
541. "HKEY_CLASSES_ROOT\\OpenWithProgids",
542. "HKEY_CLASSES_ROOT\\htmlfile",
543. "HKEY_CLASSES_ROOT\\Applications\\kodakprv.EXE",
544. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Extensions",
545. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\CurVer",
546. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder",
547. "HKEY_CLASSES_ROOT\\Applications\\oledb32.dll",
548. "HKEY_CLASSES_ROOT\\Applications\\iexplore.exe",
549. "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}",
550. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
551. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.lnk",
552. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
553. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Toolbars\\Restrictions",
554. "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
555. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\IEAK",
556. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216",
557. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID",
558. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
559. "HKEY_CLASSES_ROOT\\Applications\\ISIGNUP.EXE",
560. "HKEY_CLASSES_ROOT\\CLSID\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder",
561. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\Clsid",
562. "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
563. "HKEY_CLASSES_ROOT\\Applications\\MMC.exe",
564. "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CodePage",
565. "HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\file\\",
566. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\(Default)",
567. "HKEY_CLASSES_ROOT\\Applications\\fpidcwiz.exe",
568. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies",
569. "HKEY_CLASSES_ROOT\\Applications\\mnyimprt.exe"
570. ],
571. "command_line": [
572. "\"C:\\WINDOWS\\system32\\rundll32.exe\" C:\\WINDOWS\\system32\\shell32.dll,OpenAs_RunDLL C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\test",
573. "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\test",
574. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test"
575. ],
576. "regkey_deleted": [
577. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216",
578. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217"
579. ],
580. "file_deleted": [
581. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\index.dat",
582. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\index.dat"
583. ],
584. "directory_removed": [
585. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\",
586. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\"
587. ],
588. "file_exists": [
589. "C:\\WINDOWS\\Installer\\{16E52445-1392-469F-9ADB-FC03AF00CD61}\\python_icon.exe",
590. "C:\\WINDOWS\\system32\\rundll32.exe",
591. "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE",
592. "C:\\WINDOWS\\system32\\shell32.dll",
593. "C:\\Documents and Settings\\user\\Desktop\\shell32.dll",
594. "C:\\WINDOWS\\system32\\mspaint.exe",
595. "C:\\Python27\\python.exe",
596. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test",
597. "C:\\Documents and Settings\\user\\Local Settings\\History\\desktop.ini",
598. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\",
599. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018022320180224\\",
600. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\",
601. "C:\\WINDOWS\\system32\\shimgvw.dll",
602. "C:\\WINDOWS\\system32\\url.dll",
603. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\desktop.ini",
604. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\desktop.ini",
605. "C:\\WINDOWS\\Installer\\desktop.ini",
606. "C:\\WINDOWS\\system32\\usmt\\migwiz.exe",
607. "C:\\WINDOWS\\system32\\notepad.exe",
608. "C:\\WINDOWS\\system32\\shell32.dll.manifest",
609. "C:\\WINDOWS\\",
610. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021220180219\\",
611. "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
612. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test:Zone.Identifier",
613. "C:\\WINDOWS\\system32\\mshtml.dll"
614. ],
615. "mutex": [
616. "c:!documents and settings!user!local settings!history!history.ie5!mshist012018021220180219!",
617. "ZonesCacheCounterMutex",
618. "c:!documents and settings!user!local settings!history!history.ie5!mshist012018021520180216!",
619. "Shell.CMruPidlList",
620. "c:!documents and settings!user!local settings!history!history.ie5!mshist012018022320180224!",
621. "ZonesCounterMutex",
622. "ZonesLockedCacheCounterMutex"
623. ],
624. "file_failed": [
625. "C:\\WINDOWS\\system32\\comctl32.dll.124.Config",
626. "C:\\WINDOWS\\system32\\comctl32.dll.124.Manifest"
627. ],
628. "guid": [
629. "{00000000-0000-0000-0000-000000000000}",
630. "{a5aca655-7fb8-43dc-a433-8d87b69c70a0}",
631. "{062e1261-a60e-11d0-82c2-00c04fd5ae38}",
632. "{9ba05972-f6a8-11cf-a442-00a0c90a8f39}",
633. "{0c6c4200-c589-11d0-999a-00c04fd655e1}",
634. "{25336920-03f9-11cf-8fd0-00aa00686f13}",
635. "{5b4dae26-b807-11d0-9815-00c04fd91972}",
636. "{42aedc87-2188-41fd-b9a3-0c966feabec1}",
637. "{00000000-0000-0000-c000-000000000046}",
638. "{38f69b16-f583-40fb-b262-5c764de868e8}",
639. "{79eac9ee-baf9-11ce-8c82-00aa004ba90b}",
640. "{01e04581-4eee-11d0-bfe9-00aa005b4383}",
641. "{eb0fe172-1a3a-11d0-89b3-00a0c90a90ac}",
642. "{000214e6-0000-0000-c000-000000000046}",
643. "{00000001-0000-0000-c000-000000000046}",
644. "{ff393560-c2a7-11cf-bff4-444553540000}",
645. "{47851649-a2ef-4e67-baec-c6a153ac72ec}",
646. "{750fdf0e-2a26-11d1-a3ea-080036587f03}",
647. "{a5e46e3a-8849-11d1-9d8c-00c04fc99d61}",
648. "{85cb6900-4d95-11cf-960c-0080c7f4ee85}",
649. "{7eb5fbe4-2100-49e6-8593-17e130122f91}",
650. "{fadb55b4-d382-4fc4-81d7-abb325c7f12a}",
651. "{79eac9ef-baf9-11ce-8c82-00aa004ba90b}",
652. "{50d5107a-d278-4871-8989-f4ceaaf59cfc}",
653. "{7b8a2d95-0ac9-11d1-896c-00c04fb6bfc4}",
654. "{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}",
655. "{ee1f7637-e138-11d1-8379-00c04fd918d0}",
656. "{3050f406-98b5-11cf-bb82-00aa00bdce0b}",
657. "{08c0e040-62d1-11d1-9326-0060b067b86e}"
658. ],
659. "file_read": [
660. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Python 2.7\\Python (command line).lnk",
661. "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE",
662. "C:\\WINDOWS\\system32\\shell32.dll",
663. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\MSN.lnk",
664. "C:\\WINDOWS\\system32\\shimgvw.dll",
665. "C:\\WINDOWS\\system32\\url.dll",
666. "C:\\Documents and Settings\\user\\Local Settings\\History\\desktop.ini",
667. "C:\\WINDOWS\\explorer.exe",
668. "C:\\WINDOWS\\system32\\mspaint.exe",
669. "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
670. "C:\\Python27\\python.exe",
671. "C:\\WINDOWS\\system32\\notepad.exe",
672. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test",
673. "C:\\WINDOWS\\system32\\mshtml.dll",
674. "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Files and Settings Transfer Wizard.lnk"
675. ],
676. "regkey_read": [
677. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7005",
678. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\HideFolderVerbs",
679. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\accwiz.exe\\NoOpenWith",
680. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell\\open\\FriendlyAppName",
681. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CachePrefix",
682. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\ProgID\\(Default)",
683. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
684. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\DocObject",
685. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\IsShortcut",
686. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
687. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\ORGCHART.EXE\\NoOpenWith",
688. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize",
689. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowseNewProcess\\BrowseNewProcess",
690. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\RecommendedLevel",
691. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
692. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\(Default)",
693. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Hostname",
694. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IEHardenWarnOnNav",
695. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\InfoTip",
696. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\(Default)",
697. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\0",
698. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History\\DaysToKeep",
699. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
700. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\iexplore.exe",
701. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}",
702. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\snapview.exe\\NoOpenWith",
703. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
704. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetConnectDisconnect",
705. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\WantsFORDISPLAY",
706. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mshta.exe\\NoOpenWith",
707. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
708. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\AppID",
709. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
710. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
711. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F7-21D7-11D4-BDAF-00C04F60B9F0}",
712. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\MSInfo32.exe\\NoOpenWith",
713. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
714. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\about",
715. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
716. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\msimn.exe\\NoOpenWith",
717. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
718. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
719. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\WantsFORDISPLAY",
720. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\shimgvw.dll",
721. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\perfmon.exe\\NoOpenWith",
722. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\\InProcServer32\\(Default)",
723. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
724. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\0\\NodeSlot",
725. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mobsync.exe\\NoOpenWith",
726. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\NoOpenWith",
727. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\Layout",
728. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\ShowDiscussionButton",
729. "HKEY_CLASSES_ROOT\\PerceivedType",
730. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName",
731. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32\\(Default)",
732. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\DisplayName",
733. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.htm\\PerceivedType",
734. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
735. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\CheckDocumentForProgID",
736. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
737. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\SmallBitmap",
738. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IEHardenWarnOnNav",
739. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
740. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\icwconn1.exe\\NoOpenWith",
741. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32\\(Default)",
742. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CachePath",
743. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
744. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\AlwaysAllowExecCommand",
745. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
746. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\LockDown_zones\\0\\RecommendedLevel",
747. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
748. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@shell32.dll,-21779",
749. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Use Stylesheets",
750. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216\\CachePath",
751. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
752. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\LocalizedString",
753. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
754. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoToolbarCustomize",
755. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Extensions\\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583}",
756. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@C:\\WINDOWS\\system32\\SHELL32.dll,-9319",
757. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Enable Browser Extensions",
758. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Description",
759. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\NodeSlot",
760. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
761. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Size",
762. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Q300829",
763. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\shell\\edit\\command\\(Default)",
764. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\zipfldr.dll\\NoOpenWith",
765. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IEharden",
766. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mplayer.exe\\NoOpenWith",
767. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
768. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
769. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\Locked",
770. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
771. "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemPartition",
772. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
773. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\0",
774. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\P3Global\\Enabled",
775. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\BrowseInPlace",
776. "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
777. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
778. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Domain",
779. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
780. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheOptions",
781. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\moviemk.exe\\NoOpenWith",
782. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
783. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {062E1261-A60E-11D0-82C2-00C04FD5AE38} 0x401",
784. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\WantsFORDISPLAY",
785. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
786. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\News\\(Default)",
787. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
788. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shscrap.dll\\NoOpenWith",
789. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\graflink.exe\\NoOpenWith",
790. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\CheckVersion",
791. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\ShowGoButton",
792. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\LocalServer32\\LocalServer32",
793. "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
794. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\NoText",
795. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\ButtonText",
796. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wpnpinst.exe\\NoOpenWith",
797. "HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\MenuPopup\\.Current\\(Default)",
798. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217\\CachePath",
799. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\ShowGoButton",
800. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Show_FullURL",
801. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\New Windows\\EnableHooks",
802. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
803. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{750fdf0e-2a26-11d1-a3ea-080036587f03}\\InProcServer32\\LoadWithoutCOM",
804. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_MK_PROTOCOL\\iexplore.exe",
805. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Q331869",
806. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked\\{FF393560-C2A7-11CF-BFF4-444553540000}",
807. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\CMMGR32.EXE\\NoOpenWith",
808. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma",
809. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Move System Caret",
810. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\msconf.dll\\NoOpenWith",
811. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\LocalServer32\\(Default)",
812. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\sndvol32.exe\\NoOpenWith",
813. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\Offline Files\\(Default)",
814. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\LocalizedString",
815. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\Flags",
816. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\\InProcServer32\\(Default)",
817. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Visited",
818. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
819. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{E2E2DD38-D088-4134-82B7-F2BA38496583}\\iexplore\\Count",
820. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\2100",
821. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
822. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\faxcover.exe\\NoOpenWith",
823. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\datainst.exe\\NoOpenWith",
824. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{750fdf0e-2a26-11d1-a3ea-080036587f03}\\InProcServer32\\(Default)",
825. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\Ttxmpc97.exe\\NoOpenWith",
826. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\NodeSlot",
827. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7004",
828. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\helpctr.exe\\NoOpenWith",
829. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7001",
830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\MRUListEx",
831. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\edit\\command\\(Default)",
832. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
833. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f2-1227-11e8-94f0-806d6172696f}\\Data",
834. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\UserPreference",
835. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}",
836. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\NodeSlots",
837. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\IntegratedBrowser",
838. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\AppCompatibility\\DisableAppCompat",
839. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\BrowseInPlace",
840. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\Outlook.EXE\\NoOpenWith",
841. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cryptext.dll\\NoOpenWith",
842. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
843. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
844. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
845. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\MMC.exe\\NoOpenWith",
846. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\realmon.exe\\NoOpenWith",
847. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\regedit.exe\\NoOpenWith",
848. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\CChat.exe\\NoOpenWith",
849. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\BackBitmapShell",
850. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\rasphone.exe\\NoOpenWith",
851. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
852. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell\\open\\FriendlyAppName",
853. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\a",
854. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}",
855. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7020",
856. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/plain\\CLSID",
857. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\MiscFlags",
858. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\CallForAttributes",
859. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7b8a2d95-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32\\(Default)",
860. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
861. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Enable Browser Extensions",
862. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\DefaultIcon\\(Default)",
863. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
864. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\ProfileImagePath",
865. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
866. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
867. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216\\CacheLimit",
868. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
869. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\navwnt.exe\\NoOpenWith",
870. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheRepair",
871. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}",
872. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Disable_Local_Machine_Navigate",
873. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\UseHR",
874. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217\\CachePrefix",
875. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
876. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Force Offscreen Composition",
877. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\dsquery.dll\\NoOpenWith",
878. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\url.dll\\NoOpenWith",
879. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
880. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
881. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\DriverCachePath",
882. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\Description",
883. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
884. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheLimit",
885. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\LockDown_zones\\0\\MinLevel",
886. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
887. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32\\(Default)",
888. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
889. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Description",
890. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
891. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
892. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell\\open\\command\\(Default)",
893. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shell32.dll\\NoOpenWith",
894. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetHood",
895. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\(Default)",
896. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell\\open\\command\\(Default)",
897. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\RtfConverterFlags",
898. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\CLSID\\(Default)",
899. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\MenuStatusBar",
900. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\MinLevel",
901. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\depends.exe\\NoOpenWith",
902. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\oledb32.dll\\NoOpenWith",
903. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mnyimprt.exe\\NoOpenWith",
904. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\DisplayName",
905. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shdocvw.dll\\NoOpenWith",
906. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
907. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\4",
908. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\MenuText",
909. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
910. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\MRUListEx",
911. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\WINWORD.EXE\\NoOpenWith",
912. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
913. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Use Anchor Hover Color",
914. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Default_CodePage",
915. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
916. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\clsid",
917. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\grpconv.exe\\NoOpenWith",
918. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\winhlp32.exe\\NoOpenWith",
919. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\NeverShowExt",
920. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
921. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0x401",
922. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSize",
923. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\WB32.EXE\\NoOpenWith",
924. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Anchor Color",
925. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216\\CacheRepair",
926. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.htm\\Content Type",
927. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewWatermark",
928. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\QueryForInfoTip",
929. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\REGDBVersion",
930. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\http\\DefaultIcon\\(Default)",
931. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@xpsp1res.dll,-10077",
932. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\inoculan.exe\\NoOpenWith",
933. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\CompareJunctionness",
934. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoShellSearchButton",
935. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\mspaint.exe",
936. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
937. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\LoadWithoutCOM",
938. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Print_Background",
939. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\Attributes",
940. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell\\(Default)",
941. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
942. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell\\(Default)",
943. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation\\CutList",
944. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
945. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\NoOpenWith",
946. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
947. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\OSA.EXE\\NoOpenWith",
948. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\CurrentLevel",
949. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SpecifyDefaultButtons",
950. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\Application",
951. "HKEY_LOCAL_MACHINE\\SYSTEM\\WPA\\PnP\\seed",
952. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\shell\\open\\FriendlyAppName",
953. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@xpsp3res.dll,-20001",
954. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS\\iexplore.exe",
955. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
956. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\InprocServer32",
957. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {062E1261-A60E-11D0-82C2-00C04FD5AE38} 0x401",
958. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\ShowFonts",
959. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
960. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\Offline Files\\SuppressionPolicy",
961. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216\\CachePrefix",
962. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\{1E796980-9CC5-11D1-A83F-00C04FC99D61}",
963. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\hh.exe\\NoOpenWith",
964. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
965. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Q051873",
966. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\ARTGALRY.EXE\\NoOpenWith",
967. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
968. "HKEY_CURRENT_USER\\Control Panel\\International\\NumShape",
969. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Description",
970. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\1809",
971. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\NoOpenWith",
972. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\*",
973. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\\QueryForInfoTip",
974. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\\LocalizedString",
975. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SmallIcons",
976. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
977. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogPath",
978. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
979. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\NoOpenWith",
980. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
981. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Max Cached Icons",
982. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wab.exe\\NoOpenWith",
983. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217\\CacheOptions",
984. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked\\{FF393560-C2A7-11CF-BFF4-444553540000}",
985. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@%SystemRoot%\\system32\\usmt\\migwiz.exe,-203",
986. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\netshell.dll\\NoOpenWith",
987. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217\\CacheLimit",
988. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell\\(Default)",
989. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
990. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\Script",
991. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheOptions",
992. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
993. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
994. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
995. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Face",
996. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
997. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\clipbrd.exe\\NoOpenWith",
998. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
999. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\DisplayName",
1000. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewScrollOver",
1001. "HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics\\Shell Small Icon Size",
1002. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\edit\\FriendlyAppName",
1003. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\Python27\\python.exe",
1004. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\BackBitmap",
1005. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\finder.exe\\NoOpenWith",
1006. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\0\\MRUListEx",
1007. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\mspaint.exe\\shell\\(Default)",
1008. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018022320180224\\CacheRepair",
1009. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CacheLimit",
1010. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.html\\Content Type",
1011. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5b4dae26-b807-11d0-9815-00c04fd91972}\\InProcServer32\\(Default)",
1012. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\NeverShowExt",
1013. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\shimgvw.dll\\shell\\open\\command\\(Default)",
1014. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\*",
1015. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\\LocalizedString",
1016. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
1017. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@shell32.dll,-21790",
1018. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OBJECT_CACHING\\iexplore.exe",
1019. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
1020. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\rnaui.dll\\NoOpenWith",
1021. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileAssociate",
1022. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell\\(Default)",
1023. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRecentDocsHistory",
1024. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0x401",
1025. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ClassicViewState",
1026. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\NodeSlot",
1027. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
1028. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SmartDithering",
1029. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UsePathEnvVarForCommandTemplates",
1030. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\fpidcwiz.exe\\NoOpenWith",
1031. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\ProfileLoadTimeLow",
1032. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU Size",
1033. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewScrollOver",
1034. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\iexplore.exe",
1035. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{00021500-0000-0000-C000-000000000046}\\(Default)",
1036. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetOpenWith",
1037. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\New Windows\\PopupMgr",
1038. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\awdvstub.exe\\NoOpenWith",
1039. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\about",
1040. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\Attributes",
1041. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\NoOpenWith",
1042. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\MRUList",
1043. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\AutoDetect",
1044. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\StatusBarWeb",
1045. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\BrandBitmap",
1046. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\iexplore.exe",
1047. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
1048. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Page_Transitions",
1049. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\ServicePackSourcePath",
1050. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\Program Files\\Windows NT\\Accessories\\WORDPAD.EXE",
1051. "HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics\\Shell Icon Size",
1052. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\drwatson.exe\\NoOpenWith",
1053. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\BigBitmap",
1054. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\IsShortcut",
1055. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
1056. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\ISIGNUP.EXE\\NoOpenWith",
1057. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
1058. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\Progid",
1059. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\WScript.exe\\NoOpenWith",
1060. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021620180217\\CacheRepair",
1061. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell\\open\\command\\(Default)",
1062. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\\InfoTip",
1063. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1\\0\\0",
1064. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoneLegacyShellMode",
1065. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\DisplayName",
1066. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\AlwaysShowExt",
1067. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\\QueryForInfoTip",
1068. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WINDOW_RESTRICTIONS\\iexplore.exe",
1069. "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OsLoaderPath",
1070. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cdfview.dll\\NoOpenWith",
1071. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
1072. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021520180216\\CacheOptions",
1073. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\msiexec.exe\\NoOpenWith",
1074. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_POPUPMANAGEMENT\\iexplore.exe",
1075. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideFolderVerbs",
1076. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\State",
1077. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\iexplore.exe\\shell\\open\\FriendlyAppName",
1078. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\HYPERTRM.EXE\\NoOpenWith",
1079. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\WantsFORDISPLAY",
1080. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\WINDOWS\\system32\\NOTEPAD.EXE",
1081. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
1082. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
1083. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f2-1227-11e8-94f0-806d6172696f}\\Generation",
1084. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\DisableScriptDebuggerIE",
1085. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@C:\\WINDOWS\\system32\\SHELL32.dll,-9227",
1086. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
1087. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Always Use My Colors",
1088. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Hover",
1089. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\ntbackup.exe\\NoOpenWith",
1090. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
1091. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\Attributes",
1092. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CachePath",
1093. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\\LocalizedString",
1094. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\EnforceShellExtensionSecurity",
1095. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\themes.exe\\NoOpenWith",
1096. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Description",
1097. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
1098. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0",
1099. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
1100. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
1101. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\Exec",
1102. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\EditFlags",
1103. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018021220180219\\CachePrefix",
1104. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Cleanup HTCs",
1105. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\htmlfile\\DocObject",
1106. "HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics\\Shell Icon Bpp",
1107. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)",
1108. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
1109. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\LangID",
1110. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\iexplore.exe",
1111. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaximumAllowedAllocationSize",
1112. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\\InProcServer32\\(Default)",
1113. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\notepad.exe\\NoOpenWith",
1114. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
1115. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7021",
1116. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@explorer.exe,-7023",
1117. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.html\\(Default)",
1118. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
1119. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowCLSIDPROGIDMapping",
1120. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Enable_MyPics_Hoverbar",
1121. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\kodakprv.EXE\\NoOpenWith",
1122. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{e2e2dd38-d088-4134-82b7-f2ba38496583}\\MenuCustomize",
1123. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\1",
1124. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell\\(Default)",
1125. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
1126. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\inetcpl.cpl\\NoOpenWith",
1127. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\moviemk.exe\\shell\\(Default)",
1128. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\python.exe\\shell\\open\\FriendlyAppName",
1129. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\OpenWithList\\MRUList",
1130. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wltmime.exe\\NoOpenWith",
1131. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\fontview.exe\\NoOpenWith",
1132. "HKEY_CLASSES_ROOT\\(Default)",
1133. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f0-1227-11e8-94f0-806d6172696f}\\Generation",
1134. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.htm\\(Default)",
1135. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\CallForAttributes",
1136. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Expand Alt Text",
1137. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Settings",
1138. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cag.exe\\NoOpenWith",
1139. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\AlwaysShowExt",
1140. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU\\0\\MRUListEx",
1141. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\ProfileLoadTimeHigh",
1142. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\\LocalizedString",
1143. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ef61f5f0-1227-11e8-94f0-806d6172696f}\\Data",
1144. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\msrating.dll\\NoOpenWith",
1145. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CheckDocumentForProgID",
1146. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\explorer.exe\\NoOpenWith",
1147. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
1148. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
1149. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
1150. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
1151. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\iexplore.exe",
1152. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\VisibleBands",
1153. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\iexplore.exe",
1154. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
1155. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\wordpad.exe\\shell\\open\\command\\(Default)",
1156. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\UseThemes",
1157. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\DisplayName",
1158. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName",
1159. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0\\Icon",
1160. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-839522115-813497703-1060284298-1003\\CentralProfile",
1161. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Ratings\\Key",
1162. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\ServicePackCachePath",
1163. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
1164. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
1165. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\@C:\\WINDOWS\\system32\\SHELL32.dll,-9216",
1166. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\\ShellFolder\\WantsFORDISPLAY",
1167. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\SmBrandBitmap",
1168. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
1169. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CSS_Compat",
1170. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\\InfoTip",
1171. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache\\C:\\Program Files\\Internet Explorer\\iexplore.exe"
1172. ],
1173. "directory_enumerated": [
1174. "C:\\Documents and Settings",
1175. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021620180217\\*.*",
1176. "C:\\Documents and Settings\\user",
1177. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021520180216\\*.*",
1178. "C:\\Documents and Settings\\user\\Local Settings\\Temp",
1179. "C:\\Documents and Settings\\user\\Local Settings\\History",
1180. "C:\\WINDOWS\\Installer\\{16E52445-1392-469F-9ADB-FC03AF00CD61}\\python_icon.exe",
1181. "C:\\Documents and Settings\\user\\Local Settings\\Temp\\test",
1182. "C:\\WINDOWS",
1183. "C:\\Documents and Settings\\user\\Local Settings",
1184. "C:\\WINDOWS\\Installer\\{16E52445-1392-469F-9ADB-FC03AF00CD61}",
1185. "C:\\WINDOWS\\Installer"
1186. ],
1187. "directory_created": [
1188. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018021220180219\\",
1189. "C:\\Documents and Settings\\user\\Local Settings\\History\\History.IE5\\MSHist012018022320180224\\"
1190. ]
1191. }