Analysis Report · CAPE Sandbox

Analysis Details

Category	Package	Started	Completed	Duration	Options	Logs
FILE	exe	2026-06-29 10:54:32	2026-06-29 10:55:32	60s
Reports	JSON

Options

vnc_port=5900

Analysis Log

2026-06-28 14:55:57,564 [root] INFO: Date set to: 20260629T10:54:37, timeout set to: 25
2026-06-29 10:54:37,554 [root] DEBUG: Starting analyzer from: C:\7d7wfxi0
2026-06-29 10:54:37,555 [root] DEBUG: Storing results at: C:\jXRqFQqtn
2026-06-29 10:54:37,690 [root] DEBUG: Pipe server name: \\.\PIPE\SRwXNL
2026-06-29 10:54:37,693 [root] DEBUG: Python path: C:\Users\Rajesh\AppData\Local\Programs\Python\Python314
2026-06-29 10:54:37,693 [root] INFO: analysis running as an admin
2026-06-29 10:54:37,693 [root] INFO: analysis package specified: "exe"
2026-06-29 10:54:37,693 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2026-06-29 10:54:37,706 [root] DEBUG: imported analysis package "exe"
2026-06-29 10:54:37,706 [root] DEBUG: initializing analysis package "exe"...
2026-06-29 10:54:37,706 [lib.common.common] INFO: no wrapping
2026-06-29 10:54:37,706 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-29 10:54:37,707 [root] DEBUG: New location of moved file: C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe
2026-06-29 10:54:37,707 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll option
2026-06-29 10:54:37,707 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll_64 option
2026-06-29 10:54:37,708 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2026-06-29 10:54:37,708 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2026-06-29 10:54:39,834 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2026-06-29 10:54:39,844 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2026-06-29 10:54:39,944 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2026-06-28 14:56:01,645 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2026-06-28 14:56:01,651 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2026-06-28 14:56:01,652 [lib.api.screenshot] ERROR: No module named 'PIL'
2026-06-28 14:56:01,653 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2026-06-28 14:56:01,660 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2026-06-28 14:56:01,660 [root] DEBUG: Initialized auxiliary module "Browser"
2026-06-28 14:56:01,661 [root] DEBUG: attempting to configure 'Browser' from data
2026-06-28 14:56:01,663 [root] DEBUG: module Browser does not support data configuration, ignoring
2026-06-28 14:56:01,664 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2026-06-28 14:56:01,670 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2026-06-28 14:56:01,672 [root] DEBUG: Initialized auxiliary module "DigiSig"
2026-06-28 14:56:01,673 [root] DEBUG: attempting to configure 'DigiSig' from data
2026-06-28 14:56:01,674 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2026-06-28 14:56:01,675 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2026-06-28 14:56:01,675 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2026-06-28 14:56:02,351 [modules.auxiliary.digisig] DEBUG: File has an invalid signature
2026-06-28 14:56:02,352 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2026-06-28 14:56:02,360 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2026-06-28 14:56:02,361 [root] DEBUG: Initialized auxiliary module "Disguise"
2026-06-28 14:56:02,361 [root] DEBUG: attempting to configure 'Disguise' from data
2026-06-28 14:56:02,361 [root] DEBUG: module Disguise does not support data configuration, ignoring
2026-06-28 14:56:02,362 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2026-06-28 14:56:02,364 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 836)
2026-06-28 14:56:02,370 [modules.auxiliary.disguise] INFO: Disguising GUID to e06ee56f-3f97-4fb9-8eff-130f7e2f067f
2026-06-28 14:56:02,370 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2026-06-28 14:56:02,370 [root] DEBUG: Initialized auxiliary module "Human"
2026-06-28 14:56:02,371 [root] DEBUG: attempting to configure 'Human' from data
2026-06-28 14:56:02,371 [root] DEBUG: module Human does not support data configuration, ignoring
2026-06-28 14:56:02,372 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2026-06-28 14:56:02,373 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2026-06-28 14:56:02,373 [root] DEBUG: Initialized auxiliary module "Screenshots"
2026-06-28 14:56:02,374 [root] DEBUG: attempting to configure 'Screenshots' from data
2026-06-28 14:56:02,375 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2026-06-28 14:56:02,375 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2026-06-28 14:56:02,384 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2026-06-28 14:56:02,384 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2026-06-28 14:56:02,385 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2026-06-28 14:56:02,385 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2026-06-28 14:56:02,385 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2026-06-28 14:56:02,385 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2026-06-28 14:56:02,389 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process
2026-06-28 14:56:02,389 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2026-06-28 14:56:08,369 [root] INFO: Restarting WMI Service
2026-06-28 14:56:10,571 [root] DEBUG: package modules.packages.exe does not support configure, ignoring
2026-06-28 14:56:10,574 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'
2026-06-28 14:56:10,575 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-28 14:56:10,585 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe" with arguments "" with pid 4500
2026-06-28 14:56:10,586 [lib.api.process] INFO: Monitor config for process 4500: C:\7d7wfxi0\dll\4500.ini
2026-06-28 14:56:10,604 [lib.api.process] INFO: 32-bit DLL to inject is C:\7d7wfxi0\dll\KYwIXTPC.dll, loader C:\7d7wfxi0\bin\cyFsYoS.exe
2026-06-28 14:56:10,630 [root] DEBUG: Loader: Injecting process 4500 (thread 2784) with C:\7d7wfxi0\dll\KYwIXTPC.dll.
2026-06-28 14:56:10,631 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2026-06-28 14:56:10,632 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2026-06-28 14:56:10,633 [root] DEBUG: Successfully injected DLL C:\7d7wfxi0\dll\KYwIXTPC.dll.
2026-06-28 14:56:10,637 [lib.api.process] INFO: Injected into 32-bit <Process 4500 HTMLive.exe>
2026-06-28 14:56:12,652 [lib.api.process] INFO: Successfully resumed process with pid 4500
2026-06-28 14:56:12,710 [root] DEBUG: 4500: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'.
2026-06-28 14:56:12,715 [root] DEBUG: 4500: Disabling sleep skipping.
2026-06-28 14:56:12,716 [root] DEBUG: 4500: Dropped file limit defaulting to 100.
2026-06-28 14:56:12,745 [root] DEBUG: 4500: YaraInit: Compiled 44 rule files
2026-06-28 14:56:12,749 [root] DEBUG: 4500: YaraInit: Compiled rules saved to file C:\7d7wfxi0\data\yara\capemon.yac
2026-06-28 14:56:12,750 [root] DEBUG: 4500: YaraScan: Scanning 0x00B60000, size 0x218
2026-06-28 14:56:12,755 [root] DEBUG: 4500: Monitor initialised: 32-bit capemon loaded in process 4500 at 0x742d0000, thread 2784, image base 0xb60000, stack from 0xf32000-0xf40000
2026-06-28 14:56:12,756 [root] DEBUG: 4500: Commandline: "C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe"
2026-06-28 14:56:12,825 [root] DEBUG: 4500: hook_api: LdrpCallInitRoutine export address 0x76F72980 obtained via GetFunctionAddress
2026-06-28 14:56:12,853 [root] DEBUG: 4500: hook_api: Warning - SetWindowLongW export address 0x75D57CC0 differs from GetProcAddress -> 0x745E5820 (apphelp.dll::0xfe8c5820)
2026-06-28 14:56:12,855 [root] DEBUG: 4500: hook_api: Warning - EnumDisplayDevicesA export address 0x75D4BE40 differs from GetProcAddress -> 0x745E65C0 (apphelp.dll::0xfe8c65c0)
2026-06-28 14:56:12,856 [root] DEBUG: 4500: hook_api: Warning - EnumDisplayDevicesW export address 0x75D62430 differs from GetProcAddress -> 0x7460E230 (apphelp.dll::0xfe8ee230)
2026-06-28 14:56:12,859 [root] DEBUG: 4500: hook_api: Trampoline creation failed for GetCommandLineA, retrying with HOOK_SAFEST
2026-06-28 14:56:12,860 [root] DEBUG: 4500: hook_api: Trampoline creation failed for GetCommandLineW, retrying with HOOK_SAFEST
2026-06-28 14:56:12,875 [root] DEBUG: 4500: Hooked 635 out of 635 functions
2026-06-28 14:56:12,876 [root] DEBUG: 4500: Syscall hook installed, syscall logging level 1
2026-06-28 14:56:12,886 [root] INFO: Loaded monitor into process with pid 4500
2026-06-28 14:56:12,908 [root] DEBUG: 4500: DLL loaded at 0x74200000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x8d000 bytes).
2026-06-28 14:56:12,936 [root] DEBUG: 4500: DLL loaded at 0x74CF0000: C:\Windows\SYSTEM32\kernel.appcore (0xf000 bytes).
2026-06-28 14:56:12,939 [root] DEBUG: 4500: DLL loaded at 0x741F0000: C:\Windows\SYSTEM32\VERSION (0x8000 bytes).
2026-06-28 14:56:12,999 [root] DEBUG: 4500: DLL loaded at 0x73960000: C:\Windows\SYSTEM32\ucrtbase_clr0400 (0xab000 bytes).
2026-06-28 14:56:13,001 [root] DEBUG: 4500: DLL loaded at 0x73A10000: C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400 (0x14000 bytes).
2026-06-28 14:56:13,003 [root] DEBUG: 4500: DLL loaded at 0x73A30000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x7b1000 bytes).
2026-06-28 14:56:13,152 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x01293000, size: 0x1000.
2026-06-28 14:56:13,153 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x01290000
2026-06-28 14:56:13,183 [root] DEBUG: 4500: api-rate-cap: NtQueryPerformanceCounter hook disabled due to rate
2026-06-28 14:56:13,195 [root] DEBUG: 4500: DLL loaded at 0x73950000: C:\Windows\SYSTEM32\WTSAPI32 (0xf000 bytes).
2026-06-28 14:56:13,209 [root] DEBUG: 4500: DLL loaded at 0x73900000: C:\Windows\SYSTEM32\WINSTA (0x47000 bytes).
2026-06-28 14:56:13,338 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x07B20000, size: 0x1000.
2026-06-28 14:56:13,372 [root] DEBUG: 4500: DLL loaded at 0x769D0000: C:\Windows\System32\bcryptPrimitives (0x5f000 bytes).
2026-06-28 14:56:13,379 [root] DEBUG: 4500: DLL loaded at 0x73880000: C:\Windows\system32\uxtheme (0x74000 bytes).
2026-06-28 14:56:13,397 [root] DEBUG: 4500: hook_api: clrjit::compileMethod export address 0x737F3700 obtained via GetFunctionAddress
2026-06-28 14:56:13,401 [root] DEBUG: 4500: DLL loaded at 0x737F0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x8a000 bytes).
2026-06-28 14:56:13,420 [root] DEBUG: 4500: .NET JIT native cache at 0x07B20000: scans and dumps active.
2026-06-28 14:56:13,433 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07B20000 skipped
2026-06-28 14:56:13,495 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x04645000, size: 0x1000.
2026-06-28 14:56:13,497 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x04640000
2026-06-28 14:56:13,508 [root] DEBUG: 4500: AllocationHandler: Allocation already in tracked region list: 0x07B20000.
2026-06-28 14:56:13,684 [root] DEBUG: 4500: .NET JIT native cache at 0x07CF0000: scans and dumps active.
2026-06-28 14:56:13,691 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07CF0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07CF2F53, thread 2784).
2026-06-28 14:56:13,692 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07CF0000 skipped
2026-06-28 14:56:13,693 [root] DEBUG: 4500: AllocationHandler: Allocation already in tracked region list: 0x01290000.
2026-06-28 14:56:13,731 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07CF0000, committing at: 0x07CF9000.
2026-06-28 14:56:13,785 [root] DEBUG: 4500: .NET JIT native cache at 0x07D40000: scans and dumps active.
2026-06-28 14:56:13,792 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07D40000 to tracked regions list (ntdll::NtQueryInformationThread returns to 0x07D41341, thread 2784).
2026-06-28 14:56:13,793 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07D40000 skipped
2026-06-28 14:56:14,059 [root] DEBUG: 4500: .NET JIT native cache at 0x07E40000: scans and dumps active.
2026-06-28 14:56:14,062 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07E40000 to tracked regions list (ntdll::LdrGetDllHandle returns to 0x07E40A1A, thread 2784).
2026-06-28 14:56:14,063 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07E40000 skipped
2026-06-28 14:56:14,104 [root] DEBUG: 4500: DLL loaded at 0x737D0000: C:\Windows\SYSTEM32\CRYPTSP (0x13000 bytes).
2026-06-28 14:56:14,107 [root] DEBUG: 4500: DLL loaded at 0x737A0000: C:\Windows\system32\rsaenh (0x2f000 bytes).
2026-06-28 14:56:14,128 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0463A000, size: 0x1000.
2026-06-28 14:56:14,207 [root] DEBUG: 4500: .NET JIT native cache at 0x07E70000: scans and dumps active.
2026-06-28 14:56:14,209 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07E70000 to tracked regions list (ntdll::NtCreateFile returns to 0x07E700F3, thread 2784).
2026-06-28 14:56:14,209 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07E70000 skipped
2026-06-28 14:56:14,241 [root] DEBUG: 4500: DLL loaded at 0x746B0000: C:\Windows\SYSTEM32\Wldp (0x24000 bytes).
2026-06-28 14:56:14,244 [root] DEBUG: 4500: DLL loaded at 0x746E0000: C:\Windows\SYSTEM32\windows.storage (0x608000 bytes).
2026-06-28 14:56:14,247 [root] DEBUG: 4500: DLL loaded at 0x755E0000: C:\Windows\System32\SHCORE (0x87000 bytes).
2026-06-28 14:56:14,253 [root] DEBUG: 4500: DLL loaded at 0x73780000: C:\Windows\SYSTEM32\profapi (0x18000 bytes).
2026-06-28 14:56:14,370 [root] DEBUG: 4500: .NET JIT native cache at 0x07F70000: scans and dumps active.
2026-06-28 14:56:14,380 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07F70000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07F70422, thread 2784).
2026-06-28 14:56:14,381 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07F70000 skipped
2026-06-28 14:56:14,491 [root] DEBUG: 4500: .NET JIT native cache at 0x07F30000: scans and dumps active.
2026-06-28 14:56:14,498 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07F30000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07F30778, thread 2784).
2026-06-28 14:56:14,499 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07F30000 skipped
2026-06-28 14:56:14,591 [root] DEBUG: 4500: DLL loaded at 0x736F0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\comctl32 (0x8d000 bytes).
2026-06-28 14:56:14,608 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07F30000, committing at: 0x07F3E000.
2026-06-28 14:56:14,610 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x012AD000, size: 0x1000.
2026-06-28 14:56:14,625 [root] DEBUG: 4500: .NET JIT native cache at 0x07FA0000: scans and dumps active.
2026-06-28 14:56:14,627 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07FA0000 to tracked regions list (ntdll::LdrGetDllHandle returns to 0x07FA0689, thread 2784).
2026-06-28 14:56:14,628 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FA0000 skipped
2026-06-28 14:56:14,706 [root] DEBUG: 4500: InstrumentationCallback: Added region at 0x751524AC (base 0x75130000) to tracked regions list (thread 2784).
2026-06-28 14:56:14,707 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-28 14:56:14,709 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07FA0000, committing at: 0x07FA8000.
2026-06-28 14:56:14,723 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCF0000, size: 0x50000.
2026-06-28 14:56:14,724 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x7FCF0000
2026-06-28 14:56:14,725 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x07FA0000.
2026-06-28 14:56:14,726 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FA0000 skipped
2026-06-28 14:56:14,727 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x50000) reserved but not committed at 0x7FCF0000.
2026-06-28 14:56:14,728 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x7FCF0000, committing at: 0x7FCF0000.
2026-06-28 14:56:14,729 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCE0000, size: 0x10000.
2026-06-28 14:56:14,730 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x7FCE0000
2026-06-28 14:56:14,731 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x7FCF0000.
2026-06-28 14:56:14,732 [root] DEBUG: 4500: ProcessTrackedRegion: Entropy for tracked region at 0x7FCF0000: 1.341173e-01
2026-06-28 14:56:14,733 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x7FCF0000 - 0x7FCF003C.
2026-06-28 14:56:14,734 [root] DEBUG: 4500: ScanForDisguisedPE: Size too small: 0x3c bytes
2026-06-28 14:56:14,742 [lib.common.results] INFO: Uploading file C:\jXRqFQqtn\CAPE\4500_1415353514562128062026 to CAPE\31224ad4f6c7504ce6f7e40fa315803be21124a78eac135ddd82b8eaba18535b; Size is 60; Max size: 100000000
2026-06-28 14:56:14,747 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\jXRqFQqtn\CAPE\4500_1415353514562128062026 (size 60 bytes)
2026-06-28 14:56:14,748 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x7FCF0000, size 4096 bytes.
2026-06-28 14:56:14,749 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x7FCF0000.
2026-06-28 14:56:14,749 [root] DEBUG: 4500: YaraScan: Scanning 0x7FCF0000, size 0x3c
2026-06-28 14:56:14,750 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x7FCE0000.
2026-06-28 14:56:14,751 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x7FCE0000, committing at: 0x7FCE0000.
2026-06-28 14:56:14,830 [root] DEBUG: 4500: .NET JIT native cache at 0x07FE0000: scans and dumps active.
2026-06-28 14:56:14,841 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07FE0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07FE6E67, thread 2784).
2026-06-28 14:56:14,842 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FE0000 skipped
2026-06-28 14:56:14,904 [root] DEBUG: 4500: .NET JIT native cache at 0x08030000: scans and dumps active.
2026-06-28 14:56:14,915 [root] DEBUG: 4500: caller_dispatch: Added region at 0x08030000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x08031174, thread 2784).
2026-06-28 14:56:14,916 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x08030000 skipped
2026-06-28 14:56:14,969 [root] DEBUG: 4500: DLL loaded at 0x73650000: C:\Windows\SYSTEM32\USP10 (0x17000 bytes).
2026-06-28 14:56:14,970 [root] DEBUG: 4500: DLL loaded at 0x73610000: C:\Windows\SYSTEM32\msls31 (0x31000 bytes).
2026-06-28 14:56:14,971 [root] DEBUG: 4500: DLL loaded at 0x73670000: C:\Windows\SYSTEM32\RichEd20 (0x7a000 bytes).
2026-06-28 14:56:15,038 [root] DEBUG: 4500: DLL loaded at 0x734A0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\gdiplus (0x169000 bytes).
2026-06-28 14:56:15,065 [root] DEBUG: 4500: DLL loaded at 0x73290000: C:\Windows\SYSTEM32\DWrite (0x210000 bytes).
2026-06-28 14:56:15,069 [root] DEBUG: 4500: DLL loaded at 0x768E0000: C:\Windows\System32\MSCTF (0xd3000 bytes).
2026-06-29 03:55:00,531 [root] DEBUG: 4500: .NET JIT native cache at 0x08B80000: scans and dumps active.
2026-06-29 03:55:00,534 [root] DEBUG: 4500: caller_dispatch: Added region at 0x08B80000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x08B80105, thread 2784).
2026-06-29 03:55:00,535 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x08B80000 skipped
2026-06-29 03:55:00,627 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 0x012A0000: 3.425831e+00 (from 3.129104e+00)
2026-06-29 03:55:00,629 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x012A0000 - 0x012AB54A.
2026-06-29 03:55:00,630 [root] DEBUG: 4500: ScanForDisguisedPE: No PE image located in range 0x012A0000-0x012AB54A.
2026-06-29 03:55:00,633 [lib.common.results] INFO: Uploading file C:\jXRqFQqtn\CAPE\4500_99875000551029162026 to CAPE\ee5f16dc47945cae528752f9a1c59316cfb9d941272eb7a2f00ebe0d074f2720; Size is 46410; Max size: 100000000
2026-06-29 03:55:00,638 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\jXRqFQqtn\CAPE\4500_99875000551029162026 (size 46410 bytes)
2026-06-29 03:55:00,639 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x012A0000, size 49152 bytes.
2026-06-29 03:55:00,640 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x012A0000.
2026-06-29 03:55:00,640 [root] DEBUG: 4500: YaraScan: Scanning 0x012A0000, size 0xb54a
2026-06-29 03:55:00,698 [root] DEBUG: 4500: .NET JIT native cache at 0x09300000: scans and dumps active.
2026-06-29 03:55:00,707 [root] DEBUG: 4500: caller_dispatch: Added region at 0x09300000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x0930165B, thread 2784).
2026-06-29 03:55:00,708 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x09300000 skipped
2026-06-29 03:55:00,849 [root] DEBUG: 4500: DLL loaded at 0x76A30000: C:\Windows\System32\clbcatq (0x7e000 bytes).
2026-06-29 03:55:00,868 [root] DEBUG: 4500: DLL loaded at 0x72A30000: C:\Windows\System32\iertutil (0x22b000 bytes).
2026-06-29 03:55:00,869 [root] DEBUG: 4500: DLL loaded at 0x72A10000: C:\Windows\System32\NETAPI32 (0x13000 bytes).
2026-06-29 03:55:00,870 [root] DEBUG: 4500: DLL loaded at 0x729E0000: C:\Windows\System32\USERENV (0x25000 bytes).
2026-06-29 03:55:00,872 [root] DEBUG: 4500: DLL loaded at 0x72910000: C:\Windows\System32\WINHTTP (0xc8000 bytes).
2026-06-29 03:55:00,873 [root] DEBUG: 4500: DLL loaded at 0x72900000: C:\Windows\System32\WKSCLI (0x10000 bytes).
2026-06-29 03:55:00,874 [root] DEBUG: 4500: DLL loaded at 0x728F0000: C:\Windows\System32\NETUTILS (0xb000 bytes).
2026-06-29 03:55:00,875 [root] DEBUG: 4500: DLL loaded at 0x72C60000: C:\Windows\System32\ieframe (0x62f000 bytes).
2026-06-29 03:55:00,884 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-29 03:55:00,887 [root] DEBUG: 4500: DLL loaded at 0x726E0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32 (0x210000 bytes).
2026-06-29 03:55:00,896 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-29 03:55:00,908 [root] DEBUG: 4500: DLL loaded at 0x72650000: C:\Windows\SYSTEM32\sxs (0x88000 bytes).
2026-06-29 03:55:00,996 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x08001000, size: 0x1000.
2026-06-29 03:55:01,008 [root] DEBUG: 4500: .NET JIT native cache at 0x09380000: scans and dumps active.
2026-06-29 03:55:01,011 [root] DEBUG: 4500: caller_dispatch: Added region at 0x09380000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x09380B87, thread 2784).
2026-06-29 03:55:01,012 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x09380000 skipped
2026-06-29 03:55:01,055 [root] DEBUG: 4500: DLL loaded at 0x721F0000: C:\Windows\system32\dxgi (0xc3000 bytes).
2026-06-29 03:55:01,057 [root] DEBUG: 4500: DLL loaded at 0x72430000: C:\Windows\system32\d3d11 (0x1e0000 bytes).
2026-06-29 03:55:01,058 [root] DEBUG: 4500: DLL loaded at 0x722C0000: C:\Windows\system32\dcomp (0x165000 bytes).
2026-06-29 03:55:01,059 [root] DEBUG: 4500: DLL loaded at 0x72610000: C:\Windows\system32\dataexchange (0x32000 bytes).
2026-06-29 03:55:01,068 [root] DEBUG: 4500: DLL loaded at 0x72060000: C:\Windows\system32\twinapi.appcore (0x18f000 bytes).
2026-06-29 03:55:01,104 [root] DEBUG: 4500: AllocationHandler: Allocation already in tracked region list: 0x04630000.
2026-06-29 03:55:01,133 [root] DEBUG: 4500: DLL loaded at 0x71F90000: C:\Windows\SYSTEM32\PROPSYS (0xc2000 bytes).
2026-06-29 03:55:01,147 [root] DEBUG: 4500: DLL loaded at 0x71F40000: C:\Windows\SYSTEM32\msIso (0x43000 bytes).
2026-06-29 03:55:01,184 [root] DEBUG: 4500: DLL loaded at 0x71D70000: C:\Windows\SYSTEM32\srvcli (0x1d000 bytes).
2026-06-29 03:55:01,191 [root] DEBUG: 4500: DLL loaded at 0x71D90000: C:\Windows\SYSTEM32\urlmon (0x1a8000 bytes).
2026-06-29 03:55:01,252 [root] DEBUG: 4500: DLL loaded at 0x70AC0000: C:\Windows\SYSTEM32\powrprof (0x44000 bytes).
2026-06-29 03:55:01,315 [root] DEBUG: 4500: DLL loaded at 0x70B10000: C:\Windows\System32\mshtml (0x1254000 bytes).
2026-06-29 03:55:01,317 [root] DEBUG: 4500: DLL loaded at 0x70AB0000: C:\Windows\SYSTEM32\UMPDC (0xd000 bytes).
2026-06-29 03:55:01,385 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-29 03:55:01,438 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-29 03:55:01,468 [root] DEBUG: 4500: DLL loaded at 0x70A80000: C:\Windows\System32\srpapi (0x25000 bytes).
2026-06-29 03:55:01,603 [root] DEBUG: 4500: .NET JIT native cache at 0x0B260000: scans and dumps active.
2026-06-29 03:55:01,606 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B260000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x0B26011F, thread 2784).
2026-06-29 03:55:01,607 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0B260000 skipped
2026-06-29 03:55:01,683 [root] DEBUG: 4500: DLL loaded at 0x709E0000: C:\Windows\SYSTEM32\TextShaping (0x94000 bytes).
2026-06-29 03:55:01,779 [root] DEBUG: 4500: DLL loaded at 0x70860000: C:\Windows\SYSTEM32\WindowsCodecs (0x171000 bytes).
2026-06-29 03:55:02,033 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0B200000, size: 0x8000.
2026-06-29 03:55:02,035 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x0B200000
2026-06-29 03:55:02,039 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x08000000.
2026-06-29 03:55:02,041 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 0x08000000: 1.764103e+00 (from 1.163484e+00)
2026-06-29 03:55:02,042 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x08000000 - 0x08006FFE.
2026-06-29 03:55:02,043 [root] DEBUG: 4500: ScanForDisguisedPE: No PE image located in range 0x08000000-0x08006FFE.
2026-06-29 03:55:02,046 [lib.common.results] INFO: Uploading file C:\jXRqFQqtn\CAPE\4500_5895722551029162026 to CAPE\7415bbbf4690ce7e9491f81bbc414968aed014b33adeb1889801131d86ebee63; Size is 28670; Max size: 100000000
2026-06-29 03:55:02,051 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\jXRqFQqtn\CAPE\4500_5895722551029162026 (size 28670 bytes)
2026-06-29 03:55:02,052 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x08000000, size 28672 bytes.
2026-06-29 03:55:02,053 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x08000000.
2026-06-29 03:55:02,054 [root] DEBUG: 4500: YaraScan: Scanning 0x08000000, size 0x6ffe
2026-06-29 03:55:02,056 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x8000) reserved but not committed at 0x0B200000.
2026-06-29 03:55:02,058 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x0B200000, committing at: 0x0B200000.
2026-06-29 03:55:02,242 [root] DEBUG: 4500: .NET JIT native cache at 0x0B210000: scans and dumps active.
2026-06-29 03:55:02,252 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B210000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0B210E75, thread 2784).
2026-06-29 03:55:02,253 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0B210000 skipped
2026-06-29 03:55:02,398 [root] DEBUG: 4500: .NET JIT native cache at 0x0B230000: scans and dumps active.
2026-06-29 03:55:02,441 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B230000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0B235734, thread 2784).
2026-06-29 03:55:02,443 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0B230000 skipped
2026-06-29 03:55:02,546 [root] DEBUG: 4500: .NET JIT native cache at 0x0C560000: scans and dumps active.
2026-06-29 03:55:02,553 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0C560000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0C560769, thread 2784).
2026-06-29 03:55:02,554 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0C560000 skipped
2026-06-29 03:55:02,629 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll is in known range, skipping
2026-06-29 03:55:02,767 [root] DEBUG: 4500: DLL loaded at 0x70450000: C:\Windows\SYSTEM32\ntmarta (0x29000 bytes).
2026-06-29 03:55:02,771 [root] DEBUG: 4500: DLL loaded at 0x70480000: C:\Windows\System32\CoreMessaging (0x9b000 bytes).
2026-06-29 03:55:02,775 [root] DEBUG: 4500: DLL loaded at 0x70370000: C:\Windows\SYSTEM32\wintypes (0xdb000 bytes).
2026-06-29 03:55:02,780 [root] DEBUG: 4500: DLL loaded at 0x70520000: C:\Windows\System32\CoreUIComponents (0x27e000 bytes).
2026-06-29 03:55:02,784 [root] DEBUG: 4500: DLL loaded at 0x707A0000: C:\Windows\SYSTEM32\textinputframework (0xb9000 bytes).
2026-06-29 03:55:02,962 [root] DEBUG: 4500: DLL loaded at 0x70360000: C:\Windows\system32\msimtf (0xe000 bytes).
2026-06-29 03:55:02,987 [root] DEBUG: 4500: DLL loaded at 0x6FE40000: C:\Windows\System32\d2d1 (0x515000 bytes).
2026-06-29 03:55:02,996 [root] DEBUG: 4500: DLL loaded at 0x6FE30000: C:\Windows\SYSTEM32\resourcepolicyclient (0xf000 bytes).
2026-06-29 03:55:03,035 [root] DEBUG: 4500: DLL loaded at 0x6F870000: C:\Windows\SYSTEM32\d3d10warp (0x5c2000 bytes).
2026-06-29 03:55:03,050 [root] DEBUG: 4500: DLL loaded at 0x75720000: C:\Windows\System32\cfgmgr32 (0x3b000 bytes).
2026-06-29 03:55:03,052 [root] DEBUG: 4500: DLL loaded at 0x6F840000: C:\Windows\SYSTEM32\dxcore (0x2c000 bytes).
2026-06-29 03:55:03,203 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x0C560000, committing at: 0x0C56F000.
2026-06-29 03:55:03,207 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0F850000, size: 0x1000.
2026-06-29 03:55:03,240 [root] DEBUG: 4500: .NET JIT native cache at 0x0F850000: scans and dumps active.
2026-06-29 03:55:03,249 [root] DEBUG: 4500: DLL loaded at 0x6F830000: C:\Windows\SYSTEM32\Secur32 (0xa000 bytes).
2026-06-29 03:55:03,254 [root] DEBUG: 4500: DLL loaded at 0x6F7F0000: C:\Windows\SYSTEM32\MLANG (0x34000 bytes).
2026-06-29 03:55:03,265 [root] DEBUG: 4500: DLL loaded at 0x6F3A0000: C:\Windows\SYSTEM32\WININET (0x450000 bytes).
2026-06-29 03:55:03,369 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCD0000, size: 0x1000.
2026-06-29 03:55:03,410 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0F850000 skipped
2026-06-29 03:55:03,482 [root] DEBUG: 4500: .NET JIT native cache at 0x0FC50000: scans and dumps active.
2026-06-29 03:55:03,485 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0FC50000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0FC50929, thread 2784).
2026-06-29 03:55:03,486 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0FC50000 skipped
2026-06-29 03:55:20,153 [root] INFO: Analysis timeout hit, terminating analysis
2026-06-29 03:55:20,155 [lib.api.process] INFO: Terminate event set for process 4500
2026-06-29 03:55:20,157 [root] DEBUG: 4500: Terminate Event: Attempting to dump process 4500
2026-06-29 03:55:20,158 [root] DEBUG: 4500: VerifyCodeSection: Executable code does not match, 0x204f2 of 0x204f3 matching
2026-06-29 03:55:20,160 [root] DEBUG: 4500: DoProcessDump: Code modification detected, dumping Imagebase at 0x00B60000.
2026-06-29 03:55:20,161 [root] DEBUG: 4500: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2026-06-29 03:55:20,162 [root] DEBUG: 4500: DumpProcess: Instantiating PeParser with address: 0x00B60000.
2026-06-29 03:55:20,163 [root] DEBUG: 4500: DumpProcess: Module entry point VA is 0x00B824EE.
2026-06-29 03:55:20,163 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B62000, section 1
2026-06-29 03:55:20,164 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B84000, section 2
2026-06-29 03:55:20,165 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B8A000, section 4
2026-06-29 03:55:20,166 [root] DEBUG: 4500: reBasePEImage: Exception rebasing image from 0x00B60000 to 0x00400000.
2026-06-29 03:55:20,167 [root] DEBUG: 4500: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x00400000.
2026-06-29 03:55:20,172 [lib.common.results] INFO: Uploading file C:\jXRqFQqtn\CAPE\4500_684720551029162026 to procdump\f6b3577e43911312e7ab3c479b13215e856a3ce268d071e250a391b84ff632d8; Size is 17408; Max size: 100000000
2026-06-29 03:55:20,187 [root] DEBUG: 4500: DumpProcess: Module image dump success - dump size 0x4400.
2026-06-29 03:55:20,191 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07B20000 (jit-dumps=0)
2026-06-29 03:55:20,192 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07CF0000 (jit-dumps=0)
2026-06-29 03:55:20,194 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07D40000 (jit-dumps=0)
2026-06-29 03:55:20,195 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07E40000 (jit-dumps=0)
2026-06-29 03:55:20,195 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07E70000 (jit-dumps=0)
2026-06-29 03:55:20,197 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07F30000 (jit-dumps=0)
2026-06-29 03:55:20,198 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07F70000 (jit-dumps=0)
2026-06-29 03:55:20,199 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07FA0000 (jit-dumps=0)
2026-06-29 03:55:20,200 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07FE0000 (jit-dumps=0)
2026-06-29 03:55:20,202 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x08030000 (jit-dumps=0)
2026-06-29 03:55:20,205 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x08B80000 (jit-dumps=0)
2026-06-29 03:55:20,207 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x09300000 (jit-dumps=0)
2026-06-29 03:55:20,210 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x09380000 (jit-dumps=0)
2026-06-29 03:55:20,212 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B210000 (jit-dumps=0)
2026-06-29 03:55:20,213 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B230000 (jit-dumps=0)
2026-06-29 03:55:20,214 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B260000 (jit-dumps=0)
2026-06-29 03:55:20,215 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0C560000 (jit-dumps=0)
2026-06-29 03:55:20,217 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0F850000 (jit-dumps=0)
2026-06-29 03:55:20,218 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0FC50000 (jit-dumps=0)
2026-06-29 03:55:20,223 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 0x7FCD0000: 6.939652e-01 (from 6.939653e-01)
2026-06-29 03:55:20,224 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x7FCD0000 - 0x7FCD010B.
2026-06-29 03:55:20,225 [root] DEBUG: 4500: ScanForDisguisedPE: Size too small: 0x10b bytes
2026-06-29 03:55:20,228 [lib.common.results] INFO: Uploading file C:\jXRqFQqtn\CAPE\4500_411814120551029162026 to CAPE\ca517a62cc4bd322c4afb74599b3f4a6f414d0fb6f750eae56a0d9c95d997f49; Size is 267; Max size: 100000000
2026-06-29 03:55:20,252 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\jXRqFQqtn\CAPE\4500_411814120551029162026 (size 267 bytes)
2026-06-29 03:55:20,253 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x7FCD0000, size 4096 bytes.
2026-06-29 03:55:20,254 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x7FCD0000.
2026-06-29 03:55:20,255 [root] DEBUG: 4500: YaraScan: Scanning 0x7FCD0000, size 0x10b
2026-06-29 03:55:20,256 [root] DEBUG: 4500: Terminate Event: Shutdown complete for process 4500 but failed to inform analyzer.
2026-06-29 03:55:25,169 [lib.api.process] INFO: Termination confirmed for process 4500
2026-06-29 03:55:25,170 [root] INFO: Terminate event set for process 4500
2026-06-29 03:55:25,170 [root] INFO: Created shutdown mutex
2026-06-29 03:55:26,187 [root] INFO: Shutting down package
2026-06-29 03:55:26,188 [root] INFO: Stopping auxiliary modules
2026-06-29 03:55:26,188 [root] INFO: Stopping auxiliary module: Browser
2026-06-29 03:55:26,189 [root] INFO: Stopping auxiliary module: Human
2026-06-29 03:55:31,766 [root] INFO: Stopping auxiliary module: Screenshots
2026-06-29 03:55:31,767 [root] INFO: Finishing auxiliary modules
2026-06-29 03:55:31,768 [root] INFO: Shutting down pipe server and dumping dropped files
2026-06-29 03:55:31,769 [root] WARNING: Folder at path "C:\jXRqFQqtn\debugger" does not exist, skipping
2026-06-29 03:55:31,769 [root] WARNING: Folder at path "C:\jXRqFQqtn\tlsdump" does not exist, skipping
2026-06-29 03:55:31,771 [root] INFO: Analysis completed

Process Log

Pre-Script Log

During-Script Log

Machine Information

Name	Label	Manager	Started On	Shutdown On	Route
win10	win10	KVM	2026-06-29 10:54:32	2026-06-29 10:55:32	`internet`

File Details

File Information

File Name	HTMLive.exe
File Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File Size	151040 bytes
MD5	dd8298f66e20ce262d9726dd72bcab0c
SHA1	a4bc6e9479d4639bd3de2061e957fcac30bbc7c6
SHA256	dfc699781837e22302e61c78c7c4d39694b26a3dcc61da7d4e163bdcbb8f3434 VT MWDB Bazaar
SHA3-384	44366c6713a742f2a707203379e810ed2a5df052e59b8a84f42eff1ea8c4d9942d91f391affa55307b5b2aadb3eb7e06
CRC32	350946E6
TLSH	T1DAE3C52236D86757EA7D73B519F0002482F2ED164132E70E7C69716E0EF9742CFA2B5A
Ssdeep	3072:diCavxHdbxLytt25RRzmJVmbXQr1j5V1HbiPzaVNfE0yiC:tyzgVmbAr15j

Tools: PE Strings Extract: BinGraph Extract: de4dot

Strings

CCS_Word_Spacing
ShowDialog
repeat-y:     The background image will be repeated vertically.
startcode
page and the text.
DecorationToolStripMenuItem_Click
set_SaveAsToolStripMenuItem
_NewHorizontalItemToolStripMenuItem
New Horizontal Item <td>
set_HeadingsToolStripMenuItem
Color
CCSToolStripMenuItem
get_LetterSpacingToolStripMenuItem
AssemblyTrademarkAttribute
m_CCS_Text_Align
teroffact
Possible  Format Methods:
right top
Value
m_FormBeingCreated
get_Items
Local image locations will not display in the preview
ComVisibleAttribute
Javascript_Function
LineHeightToolStripMenuItem_Click
AlertBoxToolStripMenuItem
ListsToolStripMenuItem
get_IndentToolStripMenuItem
m_CCS_Text_Shadow
HtmL-ive 0.5.7 - by 12padams / 
oldselstart
set_OpenFileDialog1
get_Heading4h4ToolStripMenuItem
System.Threading
get_ColorToolStripMenuItem
Indent
TextBox
AssemblyProductAttribute
System.Globalization
get_CCS_Text_Color
Minimum:
set_TextBox1
HtmlToolStripMenuItem
DebuggableAttribute
_ItaliciToolStripMenuItem
Font weight is how bold the text is.
_DecorationToolStripMenuItem
sender
superfrench
_ColorToolStripMenuItem
set_Checked
text-shadow: 
Background Image
turalight bt
BackgroundrepeatToolStripMenuItem_Click
livehtml.Resources
set_RichTextBox1
_Heading6h6ToolStripMenuItem
_SubscriptedsupToolStripMenuItem
get_SubscriptedsupToolStripMenuItem
_HorizontalToolStripMenuItem
SplitToolStripMenuItem
cademy engraved let
_CCSCustomTagPropertiesToolStripMenuItem
htmllinktext
set_Label1
set_Heading3h3ToolStripMenuItem
HorizontalToolStripMenuItem
FileDialog
AssemblyFileVersionAttribute
set_RandomNumberToolStripMenuItem
$this.Icon
set_CCS_Background_Image
set_Label7
Background Repeat
FontToolStripMenuItem
set_Title
You also have the option of the % where 0% 0% is the top left corner
set_TabIndex
VerticalAlignToolStripMenuItem
set_Heading5h5ToolStripMenuItem
Label7
set_WeightToolStripMenuItem
that you want to have the text indented.
mekanik let
Concat
A timeout in Javascript allows an action to be performed after a set time
FunctionToolStripMenuItem_Click
get_Panel1
Fixed
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Javascript Random Number
MyTemplate
Conversions
bolder
SubscriptedsupToolStripMenuItem_Click
TargetFrameworkAttribute
want to have your image using x and y coordinates
BackgroundimageToolStripMenuItem_Click
ToDouble
Settings
This program will generate a random full number (without decimal places) between the min and max values set below
While 100% 100% is the bottom right corner
Alternate Text:
</h3>
get_UnderlineuToolStripMenuItem
set_AToolStripMenuItem
BackgroundcolorToolStripMenuItem_Click
get_Controls
Math.floor(Math.random()*
set_ckblive
arial
</h6>
get_SplitToolStripMenuItem
</h1>
the letters to overlap eachother
AccessedThroughPropertyAttribute
get_BoldToolStripMenuItem
Y coordinate:
Activator
%BackgroundattachmentToolStripMenuItem
rtl: The writing direction is right-to-left
get_IsDisposed
System.Diagnostics
get_Forms
arial black
ccs_background_color
balthazar
Write
CCS_Text_Color
AToolStripMenuItem_Click
WeightToolStripMenuItem_Click
ControlCollection
Instance
NewItemToolStripMenuItem_Click
left top
Table Format Setup
Link Text:
set_CCS_Background_Attachment
set_Form1
get_RichTextBox1
get_BackgroundrepeatToolStripMenuItem
HorizontalToolStripMenuItem_Click
_SaveAsToolStripMenuItem
PHPStructureSetupToolStripMenuItem_Click
get_Form1
RandomNumberToolStripMenuItem
repeat-y
ComboBox1
$5b21b810-a004-44e9-821c-1b0eb011ab4f
CCSToolStripMenuItem1_Click
_CodeToolStripMenuItem
GetInstance
britannic bold
livehtml.CCS_Text_Direction.resources
_TimedToolStripMenuItem
AssemblyDescriptionAttribute
RandomNumberToolStripMenuItem_Click
LetterSpacingToolStripMenuItem_Click
get_FileName
ErrInfo
Orientation
set_Button1
WeightToolStripMenuItem
LinkToolStripMenuItem_Click
bookman old style
CCS_Font_Weight
FunctionToolStripMenuItem
Shadow
get_TextBox4
Synchronized
SaveToolStripMenuItem
coolsville
ToolStripItemCollection
</h4>
WebBrowser
TextToolStripMenuItem
disposing
trendy
puppylike
CCS_Letter_Spacing
set_SaveFileDialog1
<del>
OnCreateMainForm
get_BackgroundpositionToolStripMenuItem
SaveTextToFile
CCS Background Position
get_BackgroundToolStripMenuItem
background-repeat:
set_htmllink
get_DeleteddelToolStripMenuItem
VerticalToolStripMenuItem_Click
ObjectCollection
_TableToolStripMenuItem
_SplitToolStripMenuItem
set_Heading6h6ToolStripMenuItem
get_FontToolStripMenuItem
BackgroundrepeatToolStripMenuItem
set_ClientSize
CCS Custom Tag Properties
Table Heading  <th>
get_Label6
Direction
A normal line height.
v4.0.30319
m_CCS_Text_Indent
set_BackgroundpositionToolStripMenuItem
set_DefaultExt
</li>
CCS Text Align
 BackgroundimageToolStripMenuItem
_BackgroundattachmentToolStripMenuItem
add_Click
get_SaveFileDialog1
_ImageList1
Split
get_LineHeightToolStripMenuItem
monospace
set_DeleteddelToolStripMenuItem
get_SaveAsToolStripMenuItem1
SuperscriptedsupToolStripMenuItem_Click
AToolStripMenuItem
set_Text
Scroll
get_DocumentTitle
Application
Javascript_Timeout
get_TableToolStripMenuItem
</h2>
add_Shutdown
set_TextToolStripMenuItem1
Javascript Function
get_AToolStripMenuItem
set_Name
livehtml.My.Resources
_Label2
_DirectionToolStripMenuItem
SaveAsToolStripMenuItem1
set_BackgroundcolorToolStripMenuItem
_ShadowToolStripMenuItem
capitalize
overline
Button
underline:       Defines a line below the text
UnorderedListulToolStripMenuItem
Blur Radius:
Choose Here
_BackgroundcolorToolStripMenuItem
System.IO
ToolStrip
set_CCS_Font_Size
DesignerGeneratedAttribute
set_DirectionToolStripMenuItem
CCS_Line_Height
set_Icon
font-weight:
CCS Letter Spacing
Label9
BackgroundattachmentToolStripMenuItem_Click
* Hex - a hex value, like "#0000FF"
ColorToolStripMenuItem_Click
set_HTML_Image
get_TextToolStripMenuItem
set_Label3
</h5>
OpenFileDialog1
set_NewRowtrToolStripMenuItem
InvalidOperationException
color:
SaveAsToolStripMenuItem
</table>
m_CCS_Text_Direction
get_Label1
New Row <tr>
Heading 1 <h1>
CCS_Background_Image
_NewItemToolStripMenuItem
Label3
set_CCS_Text_Indent
livehtml.CCS_Font_Family.resources
WinForms_RecursiveFormCreate
ShutdownMode
Label
set_HtmlStructureToolStripMenuItem
FontSizeToolStripMenuItem
ViewToolStripMenuItem
height
impact
background-position:
transform the text
get_Heading2h2ToolStripMenuItem
set_NewItemToolStripMenuItem
get_CheckState
Line Height
HideModuleNameAttribute
Label8
get_AlertBoxToolStripMenuItem
WithEventsValue
get_TextToolStripMenuItem1
Time (ms):
get_VerticalToolStripMenuItem
_HeadingsToolStripMenuItem
livehtml.CCS_Text_Indent.resources
Underline <u>
 BackgroundcolorToolStripMenuItem
 none
Maximum:
components
ImageList1
<Module>
matura mt script capitals
Scroll: Background scrolls with the page
set_Heading2h2ToolStripMenuItem
m_CCS_Letter_Spacing
m_CCS_Text_Transform
CheckState
CCSCustomTagPropertiesToolStripMenuItem
ImageList
_PHPStructureSetupToolStripMenuItem
get_FileSystem
set_LinkToolStripMenuItem
get_BackgroundcolorToolStripMenuItem
livehtml.CCS_background_Repeat.resources
set_DecorationToolStripMenuItem
MySettings
get_NewHorizontalItemToolStripMenuItem
get_DecorationToolStripMenuItem
AssemblyTitleAttribute
</HEAD>
set_SubscriptedsupToolStripMenuItem
VerticalToolStripMenuItem
sans-serif
get_ItaliciToolStripMenuItem
get_SaveMySettingsOnExit
set_MainForm
line-through
!This program cannot be run in DOS mode.
remove_TextChanged
Use Combo Box below to choose how you want
if typed like this: "/test.jpg" but will appear when the user
X coordinate:
RichTextBox1_TextChanged
length: 
VarFileInfo
My.Application
_FontToolStripMenuItem
set_ShadowToolStripMenuItem
get_CCS_Text_Decoration
</sup>
livehtml.htmllink.resources
get_Label3
set_CCS_Letter_Spacing
get_SelectionLength
marlett
GetObject
System.Windows.Forms
colonna mt
get_GetInstance
geotype tt
Unordered List Setup <ul>
ProductVersion
AuthenticationMode
ShadowToolStripMenuItem_Click
get_HorizontalToolStripMenuItem
DirectionToolStripMenuItem
get_TextBox2
_JavascriptToolStripMenuItem
set_CCS_Background_Position
get_VerticalAlignToolStripMenuItem
livehtml.CCS_Text_Transform.resources
livehtml.CCS_Font_Size.resources
Link Location:
MenuStrip
DeleteddelToolStripMenuItem
TextBox2
book antiqua
get_CCSToolStripMenuItem1
set_SaveMySettingsOnExit
"PHPStructureSetupToolStripMenuItem
Hashtable
wingdings
ServerComputer
TextBox4
Assembly Version
TextToolStripMenuItem3
text-align:
CCSToolStripMenuItem1
_ViewToolStripMenuItem
lowercase
MyProject
vineta bt
word-spacing:
TimedToolStripMenuItem_Click
cursive
System.ComponentModel.Design
add_CheckedChanged
set_Label8
SaveToolStripMenuItem_Click
Assembly
SaveFileDialog1
set_SplitToolStripMenuItem
set_UnorderedListulToolStripMenuItem
background-color:
set_CCSToolStripMenuItem1
livehtml.CCS_Background_Attachment.resources
_TextBox2
livehtml.CCS_Text_Decoration.resources
new york
get_Heading5h5ToolStripMenuItem
get_CCS_Font_Size
get_SaveAsToolStripMenuItem
Close
Javascript Timeout
century schoolbook
GetString
strData
TextBoxBase
set_Label6
background-image:url('
set_UseVisualStyleBackColor
UriKind
set_CCS_Font_Weight
_MenuStrip1
set_VerticalToolStripMenuItem
simplex
_VerticalAlignToolStripMenuItem
set_MinimumSize
RuntimeCompatibilityAttribute
line-height:
_BackgroundrepeatToolStripMenuItem
left center
Enter in the textbox the amount in pixels
You also can specify the % from normal size (e.g. 50%)
set_FontSizeToolStripMenuItem
ObjectFlowControl
RichTextBox1
Not all browsers can display all fonts but you may type your
get_CCS_Font_Family
small
ltr: The writing direction is left-to-right.
set_BoldToolStripMenuItem
x-large
_SaveAsToolStripMenuItem1
WebServices
get_WebServices
swis721 blkoul bt
orange let
Save website
Image Url:
Heading5h5ToolStripMenuItem
000004b0
set_Javascript_Timeout
m_CCS_Font_Weight
EditorBrowsableAttribute
mscoree.dll
Action:
_ListItemliToolStripMenuItem
EventArgs
medium
Monitor
get_ckblive
m_ccs_background_color
the image was for any reason unable to be
NewRowtrToolStripMenuItem
System.Collections
surfer
Heading4h4ToolStripMenuItem_Click
text-indent:
set_TransformToolStripMenuItem
set_IsSingleInstance
set_AutoSize
Property can only be set to Nothing
m_CCS_Font_Size
get_CCS_Letter_Spacing
_LinkToolStripMenuItem
get_TransformToolStripMenuItem
font-family:'
m_ThreadStaticValue
loads the website. It is recommended to use your websites
symbol
<?php
System.Runtime.CompilerServices
`.sdata
get_Heading3h3ToolStripMenuItem
.rsrc
TransformToolStripMenuItem_Click
CCS Font Size
width
set_TextToolStripMenuItem
CreateInstance
UnderlineuToolStripMenuItem_Click
UnderlineuToolStripMenuItem
Heading4h4ToolStripMenuItem
set_Culture
<TITLE>This text is displayed in the title of the web browser</TITLE>
AnchorStyles
StreamWriter
right center
get_WebBrowser1
Use the combobox below to chose where you want your image displayed:
get_Default
Heading1h1ToolStripMenuItem_Click
_WebBrowser1
set_BackgroundattachmentToolStripMenuItem
m_CCS_Text_Color
Word Spacing
LinkToolStripMenuItem
chasm
_QuitToolStripMenuItem
</td>
livehtml.ccs_background_color.resources
m_CCS_background_Repeat
BackgroundpositionToolStripMenuItem_Click
Leave "Link Text" blank if you have highlighted text
get_Length
get_SelectionStart
Heading6h6ToolStripMenuItem_Click
The "blink" value is not supported in IE, Chrome 
get_OpenFileDialog1
Object
FontSizeToolStripMenuItem_Click
SaveFileDialog
IDisposable
_StartJavascriptToolStripMenuItem
alt='
livehtml.CCS_Font_Weight.resources
</script>
set_EnableVisualStyles
<BODY>
superscripted <sup>
NewHorizontalItemToolStripMenuItem
ColorToolStripMenuItem
Environment
NewItemToolStripMenuItem
Link Options
john handy let
thYO{vq
helterskelter
</HTML>
HtmlStructureToolStripMenuItem
_UnderlineuToolStripMenuItem
m_CCS_customize_tag
ReadAllText
Resources
alert('
set_MaximumSize
12padams
 StartJavascriptToolStripMenuItem
_OpenFileDialog1
CompilationRelaxationsAttribute
set_TextBox4
_TextToolStripMenuItem
<HTML>
set_MenuStrip1
HeadingsToolStripMenuItem
SettingsBase
FileToolStripMenuItem
<script type = 'text/javascript'>
address when linking images.... Example below:
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
the text to be aligned on the page.
x-small
set_ComboBox1
OrderedListorToolStripMenuItem_Click
CCS_Font_Family
My.Forms
#BackgroundpositionToolStripMenuItem
CCS Word Spacing
get_UseCompatibleTextRendering
get_NewItemToolStripMenuItem
get_CCS_Background_Image
ProductName
PHPStructureSetupToolStripMenuItem
get_CCS_Text_Transform
matisse itc
repeat-x
htmllinklocation
no-repeat:  The background-image will only appear once.
set_ListsToolStripMenuItem
set_Url
IContainer
set_CCS_Text_Color
DockStyle
ImageToolStripMenuItem
resourceMan
_TextToolStripMenuItem2
technic
set_LineHeightToolStripMenuItem
Enter Tag Here:
stylus bt
_FileToolStripMenuItem
CCS_Text_Align
get_StartJavascriptToolStripMenuItem
set_Heading1h1ToolStripMenuItem
SaveAsToolStripMenuItem1_Click
FileVersion
set_SelectionStart
_Heading2h2ToolStripMenuItem
ResourceManager
set_Javascript_Random_Number
Background Position
Horizontal
livehtml.Javascript_Function.resources
font-size:
selectionamount
_SaveFileDialog1
Remove
kino mt
SystemColors
Label1
set_ItaliciToolStripMenuItem
herman
set_ShutdownStyle
Dispose
western
Microsoft.VisualBasic
_HtmlStructureToolStripMenuItem
CheckForSyncLockOnValueType
Lists
set_Location
TimedToolStripMenuItem
4System.Web.Services.Protocols.SoapHttpClientProtocol
GetHashCode
get_Text
Bold <b>
dayton
set_DocumentText
get_ImageList1
ContainsKey
get_WeightToolStripMenuItem
set_Label4
tahoma
_PHPToolStripMenuItem
number: A number that will be multiplied with the font size to set the line height
_Heading1h1ToolStripMenuItem
InternalName
You may either select a boldness number
m_htmllink
_NewRowtrToolStripMenuItem
Color:
CCS Font
set_BackgroundToolStripMenuItem
get_CCS_Text_Shadow
_RandomNumberToolStripMenuItem
right bottom
InitializeComponent
m_Javascript_Timeout
scruff let
symap
get_CCS_Line_Height
get_UnorderedListulToolStripMenuItem
set_LetterSpacingToolStripMenuItem
get_CodeToolStripMenuItem
large
instance
CCS_Background_Attachment
CCS Background Color
_BackgroundToolStripMenuItem
_BackgroundimageToolStripMenuItem
GeneratedCodeAttribute
Label10
Html Structure Setup
SubscriptedsupToolStripMenuItem
set_BackColor
_AToolStripMenuItem
CCS_Text_Shadow
set_Label2
set_CCS_Word_Spacing
</style> </head>
StandardModuleAttribute
livehtml.HTML_Image.resources
WebBrowser1
set_SaveToolStripMenuItem
Culture
xx-small
_Heading4h4ToolStripMenuItem
_ckblive
_Button1
livehtml.Javascript_Random_Number.resources
get_PHPToolStripMenuItem
braggadocio
setTimeout('
times new roman
Weight
</ol>
_RichTextBox1
HtmlStructureToolStripMenuItem_Click
WinForms_SeeInnerException
_Label6
get_TextBox3
set_OrderedListorToolStripMenuItem
CCS Font Weight
<table border='1'>
set_AlertBoxToolStripMenuItem
livehtml.CCS_customize_tag.resources
capitalize:    First character of each word to uppercase
Translation
or you may select a type from the list below
DebuggerStepThroughAttribute
50px 50px 
Component
Button1
normal:  
get_JavascriptToolStripMenuItem
Dispose__Instance__
set_MainMenuStrip
System.Runtime.InteropServices
IndentToolStripMenuItem_Click
ComponentResourceManager
BackgroundpositionToolStripMenuItem
set_FormattingEnabled
set_SplitterDistance
Microsoft.VisualBasic.MyServices
get_Javascript_Random_Number
remove_CheckedChanged
_Label3
_ImageToolStripMenuItem
Function
ckblive
repeat
MyWebServices
set_Orientation
set_ScriptErrorsSuppressed
Heading 4 <h4>
set_Size
ColorDepth
add_TextChanged
CCS Customize Tag
OpenFileDialog
automatically.
get_ShadowToolStripMenuItem
!BackgroundrepeatToolStripMenuItem
get_ButtonFace
MyGroupCollectionAttribute
Form1
AssemblyCompanyAttribute
defaultInstance
Select a repeat type from the combobox below:
get_HeadingsToolStripMenuItem
Control
_IndentToolStripMenuItem
AlertBoxToolStripMenuItem_Click
trebuchet ms
set_PHPStructureSetupToolStripMenuItem
commercialscript bt
Do not enter px at the end as it will be put in
BeginInit
Background Attachment
highlight let
TableFormatSetupToolStripMenuItem
Vertical
Label6
_UnorderedListulToolStripMenuItem
ListItemliToolStripMenuItem_Click
Insert
CheckBox
ItaliciToolStripMenuItem_Click
set_ColorToolStripMenuItem
Label4
_TableFormatSetupToolStripMenuItem
CCS background Repeat
Enter
Point
get_Application
MenuStrip1
System.CodeDom.Compiler
Create__Instance__
get_FontSizeToolStripMenuItem
get_MenuStrip1
!TableFormatSetupToolStripMenuItem
ms linedraw
get_FileToolStripMenuItem
<a href='
STAThreadAttribute
get_CCS_Text_Direction
Table
</BODY>
ComboBox
monaco
set_CCS_Font_Family
ShadowToolStripMenuItem
Select the type of text decoration you want from
My.User
underline
get_ResourceManager
set_ViewToolStripMenuItem
_LineHeightToolStripMenuItem
get_CCS_customize_tag
BackgroundattachmentToolStripMenuItem
#Blob
FontToolStripMenuItem_Click
set_ImageList1
DialogResult
RuntimeTypeHandle
amaze
_Label8
CCS Text Direction
victorian let
CCS_Background_Position
get_TextBox1
QuitToolStripMenuItem_Click
get_InnerException
CCSCodeHeadingToolStripMenuItem_Click
TableToolStripMenuItem
LetterSpacingToolStripMenuItem
_Label4
Deleted <del>
livehtml.Javascript_Timeout.resources
get_Settings
ThreadSafeObjectProvider`1
m_Javascript_Random_Number
ListControl
System.Drawing.Icon
endcode
scripts
EndInit
get_ListItemliToolStripMenuItem
Copyright 
TextToolStripMenuItem2
flat brush
RichTextBox
get_Transparent
DebuggingModes
set_CCS_Text_Shadow
Headings
bankgothic lt bt
set_CCS_background_Repeat
BoldToolStripMenuItem_Click
SplitContainer
Letter Spacing
larger
m_CCS_Word_Spacing
left bottom
get_Label9
fantasy
items
get_DropDownItems
center top
geneva
set_ccs_background_color
get_CCS_Background_Position
get_PHPStructureSetupToolStripMenuItem
CCS Text Indent
get_CCSCustomTagPropertiesToolStripMenuItem
CCS Line Height
livehtml.CCS_Background_Position.resources
ListItemliToolStripMenuItem
Heading6h6ToolStripMenuItem
set_JavascriptToolStripMenuItem
vivian
Italic <i>
palatino
get_CCS_Background_Attachment
"NewHorizontalItemToolStripMenuItem
get_Label4
tempus sans itc
Heading1h1ToolStripMenuItem
justify
BackgroundToolStripMenuItem
m_CCS_Background_Attachment
get_Javascript_Timeout
AutoSaveSettings
EditorBrowsableState
PHPToolStripMenuItem
document.write('
set_AutoScaleMode
get_Button1
System
text-transform:
set_TimedToolStripMenuItem
BoldToolStripMenuItem
_TextBox4
livehtml
Heading 5 <h5>
CCS Structure Setup
Microsoft.VisualBasic.ApplicationServices
set_HorizontalToolStripMenuItem
mscorlib
_AlertBoxToolStripMenuItem
no-repeat
ProjectData
OriginalFilename
Image
CCS_Font_Size
SetCompatibleTextRenderingDefault
Shadow color:
QuitToolStripMenuItem
smaller
get_RandomNumberToolStripMenuItem
helvetica
get_TextToolStripMenuItem2
livehtml.CCS_Text_Color.resources
System.Drawing.Size
get_SuperscriptedsupToolStripMenuItem
You can specify the exact pixel size (e.g. 5px)
ArgumentException
get_FunctionToolStripMenuItem
HtmL-ive 0.5.7 - by 12padams
CommonDialog
* RGB - an RGB value, like "rgb(0, 0, 255)"
DebuggerHiddenAttribute
short hand
CompanyName
set_CCS_Line_Height
get_TimedToolStripMenuItem
TextToolStripMenuItem3_Click
CCS Text Color
PerformLayout
PADPADP
lucida console
AssemblyCopyrightAttribute
futurablack bt
get_Label10
set_CCS_Text_Transform
brush script mt
SplitterPanel
set_TextToolStripMenuItem3
3System.Resources.Tools.StronglyTypedResourceBuilder
_CCSToolStripMenuItem
Decoration
Choose the font you want from the list below.
</th>
System.Configuration
HTML Image
Based on the above type what you want in the textbox below:
_OrderedListorToolStripMenuItem
<sub>
center center
set_SplitContainer1
value
get_DirectionToolStripMenuItem
Microsoft.VisualBasic.CompilerServices
get_SaveToolStripMenuItem
pump demi bold let
Label1.Text
by the px symbol as it will automatically be added
_VerticalToolStripMenuItem
set_CCSCodeHeadingToolStripMenuItem
Image URL:
_Label7
center bottom
space to be placed between each word.
times
westwood let
CCS Tag Customize
set_ListItemliToolStripMenuItem
get_NewLine
livehtml.CCS_Background_Image.resources
htmllink
System.Drawing
Heading 2 <h2>
set_Heading4h4ToolStripMenuItem
set_StartJavascriptToolStripMenuItem
10.0.0.0
CCS Text Shadow
Form1_Load
get_HTML_Image
add_Load
serif
Random Number
</ul>
ToString
Transform
_BoldToolStripMenuItem
Choose a Background Attachment Type from the list below:
</del>
ButtonBase
A fixed line height in px, pt, cm, etc.
displayed on the webpage.
xx-large
_ComboBox1
Fixed: Background stays in the same place
CCS Text Decoration
the combo box below:
System.Reflection
_HtmlToolStripMenuItem
set_Anchor
m_CCS_Text_Decoration
ToolStripDropDownItem
RuntimeHelpers
chicago
CCS_customize_tag
HTML_Image
StringFileInfo
set_BackgroundimageToolStripMenuItem
set_ImageSize
blink
get_Culture
addcode
get_Assembly
System.Resources
la bamba let
DeleteddelToolStripMenuItem_Click
.ctor
<HEAD>
TransformToolStripMenuItem
Timeout
SizeF
get_HtmlToolStripMenuItem
subscripted <sub>
You can also choose the location in pixels of where in the webpage you
GetTypeFromHandle
MyComputer
#Strings
georgia
get_CCS_Text_Indent
(Will not be displayed in this program)
Javascript
           Defines a normal text. This is default
line-through:   Defines a line through the text
text-decoration:
Enter the Name of the function below:
set_PHPToolStripMenuItem
get_User
Enter the number of pixels in textboxes NOT followed 
TargetInvocationException
set_Label10
Time: This is the time in miliseconds that you want this event to go off
get_CCSCodeHeadingToolStripMenuItem
DecorationToolStripMenuItem
Use the combobox below to choose the text direction
set_CCSToolStripMenuItem
StartJavascriptToolStripMenuItem
set_FileToolStripMenuItem
.text
set_ColorDepth
CCS_Text_Decoration
get_Control
My.WebServices
set_IndentToolStripMenuItem
'CCSCustomTagPropertiesToolStripMenuItem
Ordered List Setup <ol>
set_ImageToolStripMenuItem
set_CCS_Text_Direction
get_HtmlStructureToolStripMenuItem
ApplicationSettingsBase
List Item <li>
set_TransparentColor
If the image is coming from your location computer instead enter the file location
m_AppObjectProvider
).NETFramework,Version=v4.0,Profile=Client
livehtml.exe
livehtml.My
Heading5h5ToolStripMenuItem_Click
_ListsToolStripMenuItem
SaveAsToolStripMenuItem_Click
VS_VERSION_INFO
Default
BackgroundimageToolStripMenuItem
courier
lowercase:   All characters lowercase
Heading2h2ToolStripMenuItem
m_UserObjectProvider
set_HtmlToolStripMenuItem
SuspendLayout
m_CCS_Background_Image
<sup>
ContainerControl
remove_Click
uppercase:  All characters uppercase
set_UnderlineuToolStripMenuItem
set_Dock
m_CCS_Font_Family
wide latin
_Heading3h3ToolStripMenuItem
SetProjectError
get_Label8
AutoScaleMode
20% 20%
OrderedListorToolStripMenuItem
ToolStripItem
_BackgroundpositionToolStripMenuItem
ISupportInitialize
If the text is indented it makes it so that
jokerman let
direction:
* name - a color name, like "Blue"
olddreadfulno7 bt
set_CCSCustomTagPropertiesToolStripMenuItem
roland
_SplitContainer1
GetType
set_BackgroundrepeatToolStripMenuItem
desdemona
_LetterSpacingToolStripMenuItem
set_CCS_Text_Align
signs normal
get_ListsToolStripMenuItem
FrameworkDisplayName
get_ComboBox1
m_Form1
HelpKeywordAttribute
IconSize
CCS Background Attachment
get_TextToolStripMenuItem3
.cctor
set_TableToolStripMenuItem
get_CCSToolStripMenuItem
CCS_Text_Direction
CCSCodeHeadingToolStripMenuItem
get_Computer
livehtml.CCS_Word_Spacing.resources
courier new
Safari or the program you are currently using.
get_QuitToolStripMenuItem
Select a size from the list below.
letter-spacing:
get_NewRowtrToolStripMenuItem
swis721 bt
addedHandler
My.Settings
century gothic
set_SaveAsToolStripMenuItem1
CodeToolStripMenuItem
CCS_Text_Indent
_Label10
MyForms
<head> <style type='text/css'>
IconData
My.MyProject.Forms
Microsoft.VisualBasic.Devices
NewRowtrToolStripMenuItem_Click
background-attachment:
m_HTML_Image
livehtml.CCS_Line_Height.resources
Equals
set_Label9
Heading2h2ToolStripMenuItem_Click
footlight mt light
4.0.0.0
UnorderedListulToolStripMenuItem_Click
_TransformToolStripMenuItem
set_CCS_customize_tag
get_ImageToolStripMenuItem
 12padams 2010
WARNING: Only works in Safari, Opera, and Konqueror!
LegalCopyright
livehtml.Form1.resources
jester
FileSystemProxy
simpson
set_VerticalAlignToolStripMenuItem
 UnorderedListulToolStripMenuItem
uppercase
addedHandlerLockObject
_TextBox1
set_QuitToolStripMenuItem
blink:              Defines a blinking text
get_Heading6h6ToolStripMenuItem
set_NewHorizontalItemToolStripMenuItem
m_Javascript_Function
get_Javascript_Function
bimini
MySettingsProperty
playbill
lighter
Action: This will happen once the set time has passed. It is recommended to put a function that you have made in this box.
Utils
livehtml.CCS_Text_Align.resources
get_LinkToolStripMenuItem
get_Message
_CCSCodeHeadingToolStripMenuItem
get_BackgroundimageToolStripMenuItem
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
FileDescription
get_Panel2
</sub>
GetResourceString
System.ComponentModel
@<7unli
m_MyFormsObjectProvider
ResumeLayout
_CorExeMain
get_OrderedListorToolStripMenuItem
set_Javascript_Function
Container
set_CCS_Text_Decoration
get_CCS_background_Repeat
CCS_background_Repeat
Java Structure Setup
Background Color
normal
Computer
comic sans ms
Enter the amount of pixels you want of white 
<img src='
http://12padams.no-ip.org/test.jpg insead of test.jpg 
get_Label2
_TextToolStripMenuItem3
get_BackgroundattachmentToolStripMenuItem
overline:         Defines a line above the text
monotype sorts
ShutdownEventHandler
Make Link
get_SplitContainer1
m_ComputerObjectProvider
_TextToolStripMenuItem1
_DeleteddelToolStripMenuItem
0.4.0.0
VerticalAlignToolStripMenuItem_Click
CompilerGeneratedAttribute
CCS Text Transform
set_TextToolStripMenuItem2
FullPath
System.Runtime.Versioning
set_WebBrowser1
SplitContainer1
_FunctionToolStripMenuItem
map symbols
echo '
_WeightToolStripMenuItem
webdings
Button1_Click
Javascript_Random_Number
set_CheckState
TextBox3
_SaveToolStripMenuItem
center
right
SuperscriptedsupToolStripMenuItem
WindowsFormsApplicationBase
ThreadStaticAttribute
set_FunctionToolStripMenuItem
TableFormatSetupToolStripMenuItem_Click
ItaliciToolStripMenuItem
CCS Background Image
get_TableFormatSetupToolStripMenuItem
livehtml.CCS_Letter_Spacing.resources
get_CCS_Word_Spacing
resourceCulture
#GUID
Heading 6 <h6>
BackgroundcolorToolStripMenuItem
get_CCS_Font_Weight
WrapNonExceptionThrows
_SuperscriptedsupToolStripMenuItem
_TextBox3
PHP Structure Setup
get_htmllink
get_CCS_Text_Align
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
you want to be in bettween each letter typed.
_FontSizeToolStripMenuItem
ImageToolStripMenuItem_Click
get_Heading1h1ToolStripMenuItem
NewHorizontalItemToolStripMenuItem_Click
_Heading5h5ToolStripMenuItem
You can also put in negative numbers if you want
Heading3h3ToolStripMenuItem_Click
set_TableFormatSetupToolStripMenuItem
verdana
TextBox1
westminster
@.reloc
Label2
Align
        The text renders as it is
_Label1
CCS_Text_Transform
Alternate text is displayed a placeholder if
garamond
_CCSToolStripMenuItem1
*BSJB
LineHeightToolStripMenuItem
set_CodeToolStripMenuItem
set_TextBox2
m_MyWebServicesObjectProvider
Heading3h3ToolStripMenuItem
AddRange
Geotype TT)
ClearProjectError
Background
System.Windows.Forms.Form
function 
In the Textbox below enter the amount of pixels that
String
CultureInfo
MyApplication
get_Label7
Alert Box
algerian
get_ViewToolStripMenuItem
GetObjectValue
ToolStripMenuItem
m_CCS_Line_Height
DebuggerNonUserCodeAttribute
get_ccs_background_color
DirectionToolStripMenuItem_Click
set_TextBox3
EventHandler
zapfellipt bt 
JavascriptToolStripMenuItem
there is a gap between the edge of the
m_CCS_Background_Position
_Label9
Heading 3 <h3>
StartJavascriptToolStripMenuItem_Click
GuidAttribute
set_AutoScaleDimensions
livehtml.Resources.resources
repeat-x:     The background image will be repeated horizontally.
ReferenceEquals
!SuperscriptedsupToolStripMenuItem
IndentToolStripMenuItem
set_FileName
Label4.Text
lithograph
own font in the box instead of selecting one
C:\Users\Phillip\documents\visual studio 2010\Projects\livehtml\livehtml\obj\x86\Release\livehtml.pdb
set_SuperscriptedsupToolStripMenuItem
livehtml.CCS_Text_Shadow.resources
TextToolStripMenuItem1
Select from the box below the way you want to 
repeat:        The background image will be repeated both vertically and horizontally.
Exception
My.Computer
C:.u`[U
set_FontToolStripMenuItem
.NET Framework 4 Client Profile
TextToolStripMenuItem1_Click
none:  
A line height in percent of the current font size
Forms
ckblive_CheckedChanged

Archive: de4dot

File Information

File Name	03ec7ba7ee06da50a01d312fe77c010565b3126b87b2ecf790447146c2ee0d14
File Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Associated Filenames	dfc699781837e22302e61c78c7c4d39694b26a3dcc61da7d4e163bdcbb8f3434
File Size	144384 bytes
MD5	ef51d4c4a7d76ecd86b80781f41910bc
SHA1	5e90cad6f51d9b07b2449eeff19335ca86a59020
SHA256	03ec7ba7ee06da50a01d312fe77c010565b3126b87b2ecf790447146c2ee0d14 VT MWDB Bazaar
SHA3-384	a987faed1ce5a8e183bc43cedbd96d25fb5fdfcb4ec9ff8427cc3e25fb1619d2e671d5e3b0337271fbaf72705370870f
CRC32	7AC07222
TLSH	T1D7E3C52236D8A753EA7D73F519B0006452F2ED560132E74E3C29725E19F6742CFB2B2A
Ssdeep	3072:d7VxHdbxLytYA2iCI0MRRMMMMMMMRMRMMM1RRGUlMl5mrOiVZr3QAPzaVNfEaiCr:zqlmBr3Ql

Tools: Extract: Strings Extract: BinGraph

PE Information

Image Base

0x00400000

Entry Point

0x000224ee

Min OS

4.0

Compile Time

2010-11-21 12:05:22

Import Hash

f34d5f2d4577ed6d9ceec516c1f5a744

Icon Hash

ad28893065a52c08b5a6a12d55314087

PDB Path

C:\Users\Phillip\documents\visual studio 2010\Projects\livehtml\livehtml\obj\x86\Release\livehtml.pdb

Translation	0x0000 0x04b0
CompanyName	12padams
FileDescription	livehtml
FileVersion	0.4.0.0
InternalName	livehtml.exe
LegalCopyright	Copyright Â© 12padams 2010
OriginalFilename	livehtml.exe
ProductName	livehtml
ProductVersion	0.4.0.0
Assembly Version	0.4.0.0

Name	RAW Addr	Virt Addr	Virt Size	Raw Size	Characteristics	Entropy
.text	0x00000400	0x00002000	0x000204f4	0x00020600	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.73
.sdata	0x00020a00	0x00024000	0x0000009a	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.22
.rsrc	0x00020c00	0x00026000	0x00003f28	0x00004000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.91
.reloc	0x00024c00	0x0002a000	0x0000000c	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	0.10

Name	Offset	Size	Language	Entropy	Type
RT_ICON	0x00026440	0x00000468	LANG_NEUTRAL	6.01	None
RT_ICON	0x000268a8	0x000010a8	LANG_NEUTRAL	6.19	None
RT_ICON	0x00027950	0x000025a8	LANG_NEUTRAL	5.96	None
RT_GROUP_ICON	0x00029ef8	0x00000030	LANG_NEUTRAL	2.49	None
RT_VERSION	0x00026148	0x000002f4	LANG_NEUTRAL	3.26	None

Address	Name
0x402000	_CorExeMain

Processing 8.85s

7.995s CAPE
0.818s BehaviorAnalysis
0.024s NetworkAnalysis
0.01s AnalysisInfo
0.002s Debug

Signatures 0.69s

0.226s antiav_detectreg
0.082s infostealer_ftp
0.074s territorial_disputes_sigs
0.047s antianalysis_detectreg
0.046s infostealer_im
0.025s antivm_vbox_keys
0.019s masquerade_process_name
0.018s antiav_detectfile
0.016s antivm_vmware_keys
0.016s infostealer_mail
0.011s antivm_parallels_keys
0.011s antivm_xen_keys
0.011s infostealer_bitcoin
0.01s antianalysis_detectfile
0.008s antivm_generic_diskreg
0.008s antivm_vpc_keys
0.007s antivm_vbox_files
0.004s antivm_bochs_keys
0.004s antivm_hyperv_keys
0.004s bypass_firewall
0.004s ransomware_files
0.003s antidebug_devices
0.003s antivm_vmware_files
0.003s ransomware_extensions_known
0.002s antivm_generic_bios
0.002s antivm_vbox_devices
0.002s ketrican_regkeys
0.002s folder_enumeration
0.002s recon_fingerprint
0.001s accesses_netlogon_regkey
0.001s accesses_sysvol
0.001s antiemu_windefend
0.001s antisandbox_cuckoo_files
0.001s antisandbox_fortinet_files
0.001s antisandbox_joe_anubis_files
0.001s antisandbox_sunbelt_files
0.001s antisandbox_threattrack_files
0.001s antivm_vpc_files
0.001s browser_security
0.001s checks_uac_status
0.001s file_credential_store_access
0.001s registry_credential_store_access
0.001s registry_lsa_secrets_access
0.001s disables_backups
0.001s disables_browser_warn
0.001s disables_power_options
0.001s discover_registry_mount_points
0.001s driver_filtermanager
0.001s network_tor_service
0.001s accesses_office_username
0.001s packer_armadillo_regkey
0.001s reads_password_database
0.001s sniffer_winpcap

Reporting 0.06s

0.055s JsonDump

Signatures

Network activity detected but not expressed in monitor API logs

ip: 173.194.76.94

ip: 40.126.31.131

ip: 108.177.15.139

ip: 108.177.15.94

ip: 74.125.206.84

ip: 66.102.1.138

ip: 74.125.206.138

ip: 74.125.133.95

ip: 142.251.150.119

ip: 142.251.168.139

ip: 142.251.168.100

ip: 74.125.206.101

ip: 74.125.71.94

ip: 142.251.16.94

Checks available memory

Queries the keyboard layout

Queries the computer locale (possible geofencing)

SetUnhandledExceptionFilter detected (possible anti-debug)

Checks system language via registry key (possible geofencing)

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US

Checks for mouse movement

mouse_movement: Checks for mouse movement (mouse movement observed in sandbox during sampling).

Queries process token information to check for Administrator privileges or UAC elevation status

Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software

behavioral_fips_reconnaissance: ["HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'", "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'"]

Registers a vectored exception handler (VEH), possibly to hijack execution flow

The binary contains an unknown PE section name indicative of packing

unknown section: {'name': '.sdata', 'raw_address': '0x00020a00', 'virtual_address': '0x00024000', 'virtual_size': '0x0000009a', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '2.22'}

The PE file contains a suspicious PDB path

anomaly: the pdb path contains a reference to a development path or term that may suggest a non-enterprise environment development/compilation

pdbpath: C:\Users\Phillip\documents\visual studio 2010\Projects\livehtml\livehtml\obj\x86\Release\livehtml.pdb

Creates RWX memory

Executes syscalls where the return address or caller points to dynamically allocated (unbacked) memory

unbacked_syscalls: ['HTMLive.exe executed sysenter (KERNEL32.dll) where Caller points to unbacked memory at 0x0930f302']

Touches a file containing cookies, possibly for information gathering

Process: HTMLive.exe (4500)
file		C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCookies
Process: HTMLive.exe (4500)
file		C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCookies
Process: HTMLive.exe (4500)
file		C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCookies
Process: HTMLive.exe (4500)
file		C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCookies

Manipulated process mitigation policies (CFG/DEP/hard error modes) from dynamically allocated (unbacked) memory

unbacked_mitigation_alterations: ['HTMLive.exe executed NtSetInformationProcess (Class: 35) from unbacked caller 0x0930fb63']

Manually resolves API addresses from dynamically allocated (unbacked) memory, indicative of shellcode or an unpacker

unbacked_api_resolutions: ["HTMLive.exe resolved API 'CoTaskMemAlloc' from unbacked caller 0x07f3e24a", "HTMLive.exe resolved API 'DrawThemeBackground' from unbacked caller 0x0f85d0a3", "HTMLive.exe resolved API 'DefWindowProc' from unbacked caller 0x012ad246", "HTMLive.exe resolved API 'IUnknown_QueryService' from unbacked caller 0x0930fb63", "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x0f85b12d", "HTMLive.exe resolved API 'DeleteObject' from unbacked caller 0x0f85a180", "HTMLive.exe resolved API 'ConvertSidToStringSidW' from unbacked caller 0x0930fb63", "HTMLive.exe resolved API 'GdipGetRegionHRgn' from unbacked caller 0x0f85c0bd", "HTMLive.exe resolved API 'SetWindowLong' from unbacked caller 0x07f3ecf0", "HTMLive.exe resolved API 'BitBlt' from unbacked caller 0x0f85e4dd", "HTMLive.exe resolved API 'GetFileType' from unbacked caller 0x07b2ff77", "HTMLive.exe resolved API 'CoTaskMemAlloc' from unbacked caller 0x09387eb3", "HTMLive.exe resolved API 'GetDeviceCaps' from unbacked caller 0x09385f8d", "HTMLive.exe resolved API 'CreateRectRgn' from unbacked caller 0x0f85c7d0", "HTMLive.exe resolved API 'GetTextAlign' from unbacked caller 0x0f85e0be", "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x093066cd", "HTMLive.exe resolved API 'GdipCreateHalftonePalette' from unbacked caller 0x0f858ff1", "HTMLive.exe resolved API 'SetBkMode' from unbacked caller 0x0f85e161", "HTMLive.exe resolved API 'CreateCompatibleBitmap' from unbacked caller 0x0f859d97", "HTMLive.exe resolved API 'ND_WU1_RetAddr' from unbacked caller 0x0930fda6", "HTMLive.exe resolved API 'GetCurrentActCtx' from unbacked caller 0x09380b87", "HTMLive.exe resolved API 'GetClipRgn' from unbacked caller 0x0f85c6f5", "HTMLive.exe resolved API 'GetObjectType' from unbacked caller 0x0f859bd5", "HTMLive.exe resolved API 'GetThemeAppProperties' from unbacked caller 0x093030af", "HTMLive.exe resolved API 'CreateFileW' from unbacked caller 0x07b2ff60", "HTMLive.exe resolved API 'ReleaseDC' from unbacked caller 0x093860a1", "HTMLive.exe resolved API 'CoGetObjectContext' from unbacked caller 0x0930f339", "HTMLive.exe resolved API 'DefWindowProcW' from unbacked caller 0x012ad246", "HTMLive.exe resolved API 'OpenThemeData' from unbacked caller 0x09303425", "HTMLive.exe resolved API 'GetThemeAppPropertiesW' from unbacked caller 0x093030af", "HTMLive.exe resolved API 'GetDlgItem' from unbacked caller 0x09382810", "HTMLive.exe resolved API 'ActivateActCtx' from unbacked caller 0x09380b41", "HTMLive.exe resolved API 'GetBkMode' from unbacked caller 0x0f85e12c", "HTMLive.exe resolved API 'GdipCombineRegionRegion' from unbacked caller 0x0f85e819", "HTMLive.exe resolved API 'SendMessage' from unbacked caller 0x09382649", "HTMLive.exe resolved API 'GdipRestoreGraphics' from unbacked caller 0x0f85a7eb", "HTMLive.exe resolved API 'GdipSaveGraphics' from unbacked caller 0x0f85a660", "HTMLive.exe resolved API 'CoCreateInstance' from unbacked caller 0x0930f1cf", "HTMLive.exe resolved API 'GetDC' from unbacked caller 0x09385f62", "HTMLive.exe resolved API 'GdipSetClipRectI' from unbacked caller 0x0f85a4e2", "HTMLive.exe resolved API 'GetDIBits' from unbacked caller 0x0f859e02", "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x093066cd", "HTMLive.exe resolved API 'GdipGetLogFontW' from unbacked caller 0x09382244", "HTMLive.exe resolved API 'ND_WU1' from unbacked caller 0x0930fda6", "HTMLive.exe resolved API 'SetParent' from unbacked caller 0x09385638", "HTMLive.exe resolved API 'CreateFile' from unbacked caller 0x07b2ff60", "HTMLive.exe resolved API 'BeginPaint' from unbacked caller 0x0f8583a9", "HTMLive.exe resolved API 'CreateFontIndirect' from unbacked caller 0x09382070", "HTMLive.exe resolved API 'GdipGetTextRenderingHint' from unbacked caller 0x0f85dafd", "HTMLive.exe resolved API 'SelectPalette' from unbacked caller 0x0f858ad5", "HTMLive.exe resolved API 'CloseThemeData' from unbacked caller 0x0f85d2c6", "HTMLive.exe resolved API 'SelectObject' from unbacked caller 0x0f859a7f", "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x0f85b12d", "HTMLive.exe resolved API 'CloseThemeDataW' from unbacked caller 0x0f85d2c6", "HTMLive.exe resolved API 'DeleteDC' from unbacked caller 0x0f85e6f8", "HTMLive.exe resolved API 'EndPaint' from unbacked caller 0x0f85887b", "HTMLive.exe resolved API 'CreateCompatibleDC' from unbacked caller 0x0f8599d3", "HTMLive.exe resolved API 'CoTaskMemFree' from unbacked caller 0x07f3e2dd", "HTMLive.exe resolved API 'Unknown API' from unbacked caller 0x09387eb3", "HTMLive.exe resolved API 'GetTextColor' from unbacked caller 0x0f85e0f1", "HTMLive.exe resolved API 'VariantToStringWithDefault' from unbacked caller 0x09387eb3", "HTMLive.exe resolved API 'NtQuerySystemInformation' from unbacked caller 0x07b2d626", "HTMLive.exe resolved API 'CreateFontIndirectW' from unbacked caller 0x09382070", "HTMLive.exe resolved API 'GdipTranslateWorldTransform' from unbacked caller 0x0f85a3bd", "HTMLive.exe resolved API 'OpenThemeDataW' from unbacked caller 0x09303425", "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x09302212", "HTMLive.exe resolved API 'ND_WU1' from unbacked caller 0x0938229f", "HTMLive.exe resolved API 'CreateWindowEx' from unbacked caller 0x07f3e555", "HTMLive.exe resolved API 'ConvertStringSecurityDescriptorToSecurityDescriptorW' from unbacked caller 0x0930fb63", "HTMLive.exe resolved API 'SelectClipRgn' from unbacked caller 0x0f85c8e7", "HTMLive.exe resolved API 'SendMessageW' from unbacked caller 0x09382649", "HTMLive.exe resolved API 'Unknown API' from unbacked caller 0x09387de8", "HTMLive.exe resolved API 'SxsLookupClrGuid' from unbacked caller 0x0930f339", "HTMLive.exe resolved API 'CreateWindowExW' from unbacked caller 0x07f3e555", "HTMLive.exe resolved API 'SetWindowLongW' from unbacked caller 0x07f3ecf0", "HTMLive.exe resolved API 'CreateDIBSection' from unbacked caller 0x0f859c6c", "HTMLive.exe resolved API 'DrawThemeBackgroundW' from unbacked caller 0x0f85d0a3", "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x09302212"]

Loads a new DLL where the caller address originates from dynamically allocated (unbacked) memory

unbacked_library_loads: ['HTMLive.exe loaded ntdll.dll from unbacked caller 0x07b2d626', 'HTMLive.exe loaded ntdll.dll from unbacked caller 0x07b2d626', 'HTMLive.exe loaded comctl32.dll from unbacked caller 0x0930f302', 'HTMLive.exe loaded C:\\Windows\\SysWOW64\\ieframe.dll from unbacked caller 0x0930f302', 'HTMLive.exe loaded user32.dll from unbacked caller 0x0930f302', 'HTMLive.exe loaded sxs.dll from unbacked caller 0x0930f339', 'HTMLive.exe loaded sxs.dll from unbacked caller 0x0930f339', 'HTMLive.exe loaded gdi32.dll from unbacked caller 0x0930fb63', 'HTMLive.exe loaded C:\\Windows\\System32\\dataexchange.dll from unbacked caller 0x0930fb63', 'HTMLive.exe loaded C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll from unbacked caller 0x09387de8', 'HTMLive.exe loaded C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll from unbacked caller 0x09387de8', 'HTMLive.exe loaded OLEAUT32.dll from unbacked caller 0x09387de8', 'HTMLive.exe loaded OLEAUT32.dll from unbacked caller 0x09387de8', 'HTMLive.exe loaded PROPSYS.dll from unbacked caller 0x09387eb3', 'HTMLive.exe loaded msIso.dll from unbacked caller 0x09387eb3']

Altered memory protections from dynamically allocated (unbacked) memory, indicative of self-modifying shellcode or memory patching

unbacked_memory_protection_alterations: ['HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x07f3e24a', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x07f3e24a', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x07f3e2dd', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x07f3e2dd', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x726cf000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x77029000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x77029000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x726cd000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x726cd000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x755b2000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x755b2000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7263d000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7263d000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x77029000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x77029000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721ce000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721ce000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7263d000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7263d000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x09387de8', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x09387de8', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x09387de8', 'HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x09387de8', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x76872000 to 0x00000004 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x76872000 to 0x00000002 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3', 'HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3']

Attempted to use a COM object (CoCreateInstance) from dynamically allocated (unbacked) memory, possibly for WMI reconnaissance or DCOM lateral movement

unbacked_com_instantiations: ['HTMLive.exe instantiated COM object 8856F961-340A-11D0-A96B-00C04FD705A2 from unbacked caller 0x0930f302', 'HTMLive.exe instantiated COM object 00000346-0000-0000-C000-000000000046 from unbacked caller 0x0930f339', 'HTMLive.exe instantiated COM object 0000034B-0000-0000-C000-000000000046 from unbacked caller 0x0930f339', 'HTMLive.exe instantiated COM object 9FC8E510-A27C-4B3B-B9A3-BF65F00256A8 from unbacked caller 0x0930fb63']

Attempted to open, duplicate, or impersonate an access token from dynamically allocated (unbacked) memory, indicative credential theft or lateral movement

unbacked_token_manipulations: ['HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63', 'HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63']

The PE entry point is located unusually far into section, indicative of an appended packer stub that jumps to the original entry point (OEP)

anomaly_description: The PE entry point (0x224ee) is located 100.0% deep into the '.text' section. Normal compilers place the EP near the beginning. This strongly indicates an appended packer stub or shellcode.

entry_point: 0x224ee

section_name: .text

section_virtual_address: 0x2000

section_virtual_size: 0x204f4

offset_bytes: 0x204ee

depth_percentage: 100.0

section_entropy: 5.73

Screenshots

Hosts

Direct	IP	Country Name	ASN
Y	173.194.76.94 [VT]	unknown	-
Y	40.126.31.131 [VT]	unknown	-
Y	108.177.15.139 [VT]	unknown	-
Y	108.177.15.94 [VT]	unknown	-
Y	74.125.206.84 [VT]	unknown	-
Y	66.102.1.138 [VT]	unknown	-
Y	74.125.206.138 [VT]	unknown	-
Y	74.125.133.95 [VT]	unknown	-
Y	142.251.150.119 [VT]	unknown	-
Y	142.251.168.139 [VT]	unknown	-
Y	142.251.168.100 [VT]	unknown	-
Y	74.125.206.101 [VT]	unknown	-
Y	74.125.71.94 [VT]	unknown	-
Y	142.251.16.94 [VT]	unknown	-

Summary

Accessed Files Registry Keys Read Registry Keys Modified Registry Keys Mutexes

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe.config
C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Users\Rajesh\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HTMLive.exe.log
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\45cef8929f7918524d50f1f75c04b1c3\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\45cef8929f7918524d50f1f75c04b1c3\mscorlib.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Rajesh
C:\Users\Rajesh\AppData
C:\Users\Rajesh\AppData\Local
C:\Users\Rajesh\AppData\Local\Temp
C:\Windows\System32\bcryptPrimitives.dll
\Device\CNG
C:\Windows\assembly\NativeImages_v4.0.30319_32\livehtml\*
C:\Users\Rajesh\AppData\Local\Temp\HTMLive.INI
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\System32\windows.storage.dll
C:\Users\Rajesh\AppData\Local\Temp\Wldp.dll
C:\Windows\System32\wldp.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\System32\riched20.dll
C:\Users\Rajesh\AppData\Local\Temp\winnlsres.dll
C:\Windows\System32\winnlsres.dll
C:\Windows\System32\en-US\winnlsres.dll.mui
C:\Windows\sysnative\en-US\winnlsres.dll.mui
C:\Windows\WinSxS\SystemResources\gdiplus.dll.mun
C:\Windows\System32\DWrite.dll
C:\Windows\System32\msctf.dll
C:\Windows\Fonts\arial.ttf
C:\Windows\Fonts\ariblk.ttf
C:\Windows\Fonts\arialbd.ttf
C:\Windows\Fonts\arialbi.ttf
C:\Windows\Fonts\ariali.ttf
C:\Windows\Fonts\BAHNSCHRIFT.TTF
C:\Windows\Fonts\calibri.ttf
C:\Windows\Fonts\calibrib.ttf
C:\Windows\Fonts\calibriz.ttf
C:\Windows\Fonts\calibrii.ttf
C:\Windows\Fonts\calibril.ttf
C:\Windows\Fonts\CALIBRILI.TTF
C:\Windows\Fonts\cambria.ttc
C:\Windows\Fonts\cambriab.ttf
C:\Windows\Fonts\cambriaz.ttf
C:\Windows\Fonts\cambriai.ttf
C:\Windows\Fonts\Candara.ttf
C:\Windows\Fonts\Candarab.ttf
C:\Windows\Fonts\Candaraz.ttf
C:\Windows\Fonts\Candarai.ttf
C:\Windows\Fonts\Candaral.ttf
C:\Windows\Fonts\CANDARALI.TTF
C:\Windows\Fonts\comic.ttf
C:\Windows\Fonts\comicbd.ttf
C:\Windows\Fonts\comicz.ttf
C:\Windows\Fonts\comici.ttf
C:\Windows\Fonts\consola.ttf
C:\Windows\Fonts\consolab.ttf
C:\Windows\Fonts\consolaz.ttf
C:\Windows\Fonts\consolai.ttf
C:\Windows\Fonts\constan.ttf
C:\Windows\Fonts\constanb.ttf
C:\Windows\Fonts\constanz.ttf
C:\Windows\Fonts\constani.ttf
C:\Windows\Fonts\corbel.ttf
C:\Windows\Fonts\corbelb.ttf
C:\Windows\Fonts\corbelz.ttf
C:\Windows\Fonts\corbeli.ttf
C:\Windows\Fonts\corbell.ttf
C:\Windows\Fonts\corbelli.ttf
C:\Windows\Fonts\cour.ttf
C:\Windows\Fonts\courbd.ttf
C:\Windows\Fonts\courbi.ttf
C:\Windows\Fonts\couri.ttf
C:\Windows\Fonts\ebrima.ttf
C:\Windows\Fonts\ebrimabd.ttf
C:\Windows\Fonts\framd.ttf
C:\Windows\Fonts\framdit.ttf
C:\Windows\Fonts\Gabriola.ttf
C:\Windows\Fonts\gadugi.ttf
C:\Windows\Fonts\gadugib.ttf
C:\Windows\Fonts\georgia.ttf
C:\Windows\Fonts\georgiab.ttf
C:\Windows\Fonts\georgiaz.ttf
C:\Windows\Fonts\georgiai.ttf
C:\Windows\Fonts\impact.ttf
C:\Windows\Fonts\Inkfree.ttf
C:\Windows\Fonts\javatext.ttf
C:\Windows\Fonts\LeelawUI.ttf
C:\Windows\Fonts\LeelaUIb.ttf
C:\Windows\Fonts\LeelUIsl.ttf
C:\Windows\Fonts\lucon.ttf
C:\Windows\Fonts\l_10646.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\malgunbd.ttf
C:\Windows\Fonts\malgunsl.ttf
C:\Windows\Fonts\himalaya.ttf
C:\Windows\Fonts\msjh.ttc
C:\Windows\Fonts\msjhbd.ttc
C:\Windows\Fonts\msjhl.ttc
C:\Windows\Fonts\ntailu.ttf
C:\Windows\Fonts\ntailub.ttf
C:\Windows\Fonts\phagspa.ttf
C:\Windows\Fonts\phagspab.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\taile.ttf
C:\Windows\Fonts\taileb.ttf
C:\Windows\Fonts\msyh.ttc
C:\Windows\Fonts\msyhbd.ttc
C:\Windows\Fonts\msyhl.ttc
C:\Windows\Fonts\msyi.ttf
C:\Windows\Fonts\mingliub.ttc
C:\Windows\Fonts\modern.fon
C:\Windows\Fonts\monbaiti.ttf
C:\Windows\Fonts\msgothic.ttc
C:\Windows\Fonts\mvboli.ttf
C:\Windows\Fonts\mmrtext.ttf
C:\Windows\Fonts\mmrtextb.ttf
C:\Windows\Fonts\Nirmala.ttf
C:\Windows\Fonts\NirmalaB.ttf
C:\Windows\Fonts\NirmalaS.ttf
C:\Windows\Fonts\pala.ttf
C:\Windows\Fonts\palab.ttf
C:\Windows\Fonts\palabi.ttf
C:\Windows\Fonts\palai.ttf
C:\Windows\Fonts\roman.fon
C:\Windows\Fonts\script.fon
C:\Windows\Fonts\segmdl2.ttf
C:\Windows\Fonts\segoepr.ttf
C:\Windows\Fonts\segoeprb.ttf
C:\Windows\Fonts\segoesc.ttf
C:\Windows\Fonts\segoescb.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\seguibl.ttf
C:\Windows\Fonts\seguibli.ttf
C:\Windows\Fonts\segoeuib.ttf
C:\Windows\Fonts\segoeuiz.ttf
C:\Windows\Fonts\seguiemj.ttf
C:\Windows\Fonts\seguihis.ttf
C:\Windows\Fonts\segoeuii.ttf
C:\Windows\Fonts\segoeuil.ttf
C:\Windows\Fonts\seguili.ttf
C:\Windows\Fonts\seguisb.ttf
C:\Windows\Fonts\seguisbi.ttf
C:\Windows\Fonts\SEGOEUISL.TTF
C:\Windows\Fonts\seguisli.ttf
C:\Windows\Fonts\seguisym.ttf
C:\Windows\Fonts\simsun.ttc
C:\Windows\Fonts\simsunb.ttf
C:\Windows\Fonts\Sitka.ttc
C:\Windows\Fonts\SitkaB.ttc
C:\Windows\Fonts\SitkaZ.ttc
C:\Windows\Fonts\SitkaI.ttc
C:\Windows\Fonts\sylfaen.ttf
C:\Windows\Fonts\symbol.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\tahomabd.ttf
C:\Windows\Fonts\times.ttf
C:\Windows\Fonts\timesbd.ttf
C:\Windows\Fonts\timesbi.ttf
C:\Windows\Fonts\timesi.ttf
C:\Windows\Fonts\trebuc.ttf
C:\Windows\Fonts\trebucbd.ttf
C:\Windows\Fonts\trebucbi.ttf
C:\Windows\Fonts\trebucit.ttf
C:\Windows\Fonts\verdana.ttf
C:\Windows\Fonts\verdanab.ttf
C:\Windows\Fonts\verdanaz.ttf
C:\Windows\Fonts\verdanai.ttf
C:\Windows\Fonts\webdings.ttf
C:\Windows\Fonts\wingding.ttf
C:\Windows\Fonts\YuGothB.ttc
C:\Windows\Fonts\YuGothL.ttc
C:\Windows\Fonts\YuGothM.ttc
C:\Windows\Fonts\YuGothR.ttc
C:\Windows\Fonts\coure.fon
C:\Windows\Fonts\courf.fon
C:\Windows\Fonts\serife.fon
C:\Windows\Fonts\seriff.fon
C:\Windows\Fonts\sserife.fon
C:\Windows\Fonts\sseriff.fon
C:\Windows\Fonts\smalle.fon
C:\Windows\Fonts\smallf.fon
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\EQUATION\MTEXTRA.TTF
C:\Windows\Fonts\CENTURY.TTF
C:\Windows\Fonts\LEELAWAD.TTF
C:\Windows\Fonts\MSUIGHUR.TTF
C:\Windows\Fonts\WINGDNG2.TTF
C:\Windows\Fonts\WINGDNG3.TTF
C:\Windows\Fonts\TEMPSITC.TTF
C:\Windows\Fonts\PRISTINA.TTF
C:\Windows\Fonts\PAPYRUS.TTF
C:\Windows\Fonts\MISTRAL.TTF
C:\Windows\Fonts\LHANDW.TTF
C:\Windows\Fonts\ITCKRIST.TTF
C:\Windows\Fonts\JUICE___.TTF
C:\Windows\Fonts\FRSCRIPT.TTF
C:\Windows\Fonts\FREESCPT.TTF
C:\Windows\Fonts\BRADHITC.TTF
C:\Windows\Fonts\OUTLOOK.TTF
C:\Windows\Fonts\ARIALN.TTF
C:\Windows\Fonts\BKANT.TTF
C:\Windows\Fonts\GARA.TTF
C:\Windows\Fonts\MTCORSVA.TTF
C:\Windows\Fonts\GOTHIC.TTF
C:\Windows\Fonts\ALGER.TTF
C:\Windows\Fonts\BASKVILL.TTF
C:\Windows\Fonts\BAUHS93.TTF
C:\Windows\Fonts\BELL.TTF
C:\Windows\Fonts\BRLNSB.TTF
C:\Windows\Fonts\BERNHC.TTF
C:\Windows\Fonts\BOD_PSTC.TTF
C:\Windows\Fonts\BRITANIC.TTF
C:\Windows\Fonts\BROADW.TTF
C:\Windows\Fonts\BRUSHSCI.TTF
C:\Windows\Fonts\CALIFR.TTF
C:\Windows\Fonts\CENTAUR.TTF
C:\Windows\Fonts\CHILLER.TTF
C:\Windows\Fonts\COLONNA.TTF
C:\Windows\Fonts\COOPBL.TTF
C:\Windows\Fonts\FTLTLT.TTF
C:\Windows\Fonts\HARLOWSI.TTF
C:\Windows\Fonts\HARNGTON.TTF
C:\Windows\Fonts\HTOWERT.TTF
C:\Windows\Fonts\JOKERMAN.TTF
C:\Windows\Fonts\KUNSTLER.TTF
C:\Windows\Fonts\LBRITE.TTF
C:\Windows\Fonts\LCALLIG.TTF
C:\Windows\Fonts\LFAX.TTF
C:\Windows\Fonts\MAGNETOB.TTF
C:\Windows\Fonts\MATURASC.TTF
C:\Windows\Fonts\MOD20.TTF
C:\Windows\Fonts\NIAGENG.TTF
C:\Windows\Fonts\NIAGSOL.TTF
C:\Windows\Fonts\OLDENGL.TTF
C:\Windows\Fonts\ONYX.TTF
C:\Windows\Fonts\PARCHM.TTF
C:\Windows\Fonts\PLAYBILL.TTF
C:\Windows\Fonts\POORICH.TTF
C:\Windows\Fonts\RAVIE.TTF
C:\Windows\Fonts\INFROMAN.TTF
C:\Windows\Fonts\SHOWG.TTF
C:\Windows\Fonts\SNAP____.TTF
C:\Windows\Fonts\STENCIL.TTF
C:\Windows\Fonts\VINERITC.TTF
C:\Windows\Fonts\VIVALDII.TTF
C:\Windows\Fonts\VLADIMIR.TTF
C:\Windows\Fonts\LATINWD.TTF
C:\Windows\Fonts\TCM_____.TTF
C:\Windows\Fonts\TCCB____.TTF
C:\Windows\Fonts\TCCM____.TTF
C:\Windows\Fonts\TCB_____.TTF
C:\Windows\Fonts\SCRIPTBL.TTF
C:\Windows\Fonts\ROCKEB.TTF
C:\Windows\Fonts\ROCC____.TTF
C:\Windows\Fonts\ROCK.TTF
C:\Windows\Fonts\RAGE.TTF
C:\Windows\Fonts\PERTIBD.TTF
C:\Windows\Fonts\PER_____.TTF
C:\Windows\Fonts\PALSCRI.TTF
C:\Windows\Fonts\OCRAEXT.TTF
C:\Windows\Fonts\MAIAN.TTF
C:\Windows\Fonts\LTYPE.TTF
C:\Windows\Fonts\LSANS.TTF
C:\Windows\Fonts\IMPRISHA.TTF
C:\Windows\Fonts\HATTEN.TTF
C:\Windows\Fonts\GOUDYSTO.TTF
C:\Windows\Fonts\GOUDOS.TTF
C:\Windows\Fonts\GLECB.TTF
C:\Windows\Fonts\GILLUBCD.TTF
C:\Windows\Fonts\GILSANUB.TTF
C:\Windows\Fonts\GILC____.TTF
C:\Windows\Fonts\GIL_____.TTF
C:\Windows\Fonts\GLSNECB.TTF
C:\Windows\Fonts\GIGI.TTF
C:\Windows\Fonts\FRAMDCN.TTF
C:\Windows\Fonts\FRAHV.TTF
C:\Windows\Fonts\FRADMCN.TTF
C:\Windows\Fonts\FRADM.TTF
C:\Windows\Fonts\FRABK.TTF
C:\Windows\Fonts\FORTE.TTF
C:\Windows\Fonts\FELIXTI.TTF
C:\Windows\Fonts\ERASMD.TTF
C:\Windows\Fonts\ERASLGHT.TTF
C:\Windows\Fonts\ERASDEMI.TTF
C:\Windows\Fonts\ERASBD.TTF
C:\Windows\Fonts\ENGR.TTF
C:\Windows\Fonts\ELEPHNT.TTF
C:\Windows\Fonts\ITCEDSCR.TTF
C:\Windows\Fonts\CURLZ___.TTF
C:\Windows\Fonts\COPRGTL.TTF
C:\Windows\Fonts\COPRGTB.TTF
C:\Windows\Fonts\CENSCBK.TTF
C:\Windows\Fonts\CASTELAR.TTF
C:\Windows\Fonts\CALIST.TTF
C:\Windows\Fonts\BOOKOS.TTF
C:\Windows\Fonts\BOD_CR.TTF
C:\Windows\Fonts\BOD_BLAR.TTF
C:\Windows\Fonts\BOD_R.TTF
C:\Windows\Fonts\ITCBLKAD.TTF
C:\Windows\Fonts\ARLRDBD.TTF
C:\Windows\Fonts\AGENCYB.TTF
C:\Windows\Fonts\LEELAWDB.TTF
C:\Windows\Fonts\MSUIGHUB.TTF
C:\Windows\Fonts\BSSYM7.TTF
C:\Windows\Fonts\REFSAN.TTF
C:\Windows\Fonts\REFSPCL.TTF
C:\Windows\Fonts\ARIALNB.TTF
C:\Windows\Fonts\ARIALNBI.TTF
C:\Windows\Fonts\ARIALNI.TTF
C:\Windows\Fonts\ANTQUAB.TTF
C:\Windows\Fonts\ANTQUABI.TTF
C:\Windows\Fonts\ANTQUAI.TTF
C:\Windows\Fonts\GARABD.TTF
C:\Windows\Fonts\GARAIT.TTF
C:\Windows\Fonts\GOTHICB.TTF
C:\Windows\Fonts\GOTHICBI.TTF
C:\Windows\Fonts\GOTHICI.TTF
C:\Windows\Fonts\BELLB.TTF
C:\Windows\Fonts\BELLI.TTF
C:\Windows\Fonts\BRLNSDB.TTF
C:\Windows\Fonts\BRLNSR.TTF
C:\Windows\Fonts\CALIFB.TTF
C:\Windows\Fonts\CALIFI.TTF
C:\Windows\Fonts\HTOWERTI.TTF
C:\Windows\Fonts\LBRITED.TTF
C:\Windows\Fonts\LBRITEDI.TTF
C:\Windows\Fonts\LBRITEI.TTF
C:\Windows\Fonts\LFAXD.TTF
C:\Windows\Fonts\LFAXDI.TTF
C:\Windows\Fonts\LFAXI.TTF
C:\Windows\Fonts\TCMI____.TTF
C:\Windows\Fonts\TCCEB.TTF
C:\Windows\Fonts\TCBI____.TTF
C:\Windows\Fonts\ROCCB___.TTF
C:\Windows\Fonts\ROCKB.TTF
C:\Windows\Fonts\ROCKBI.TTF
C:\Windows\Fonts\ROCKI.TTF
C:\Windows\Fonts\PERTILI.TTF
C:\Windows\Fonts\PERBI___.TTF
C:\Windows\Fonts\PERB____.TTF
C:\Windows\Fonts\PERI____.TTF
C:\Windows\Fonts\LTYPEB.TTF
C:\Windows\Fonts\LTYPEBO.TTF
C:\Windows\Fonts\LTYPEO.TTF
C:\Windows\Fonts\LSANSD.TTF
C:\Windows\Fonts\LSANSDI.TTF
C:\Windows\Fonts\LSANSI.TTF
C:\Windows\Fonts\GOUDOSB.TTF
C:\Windows\Fonts\GOUDOSI.TTF
C:\Windows\Fonts\GILBI___.TTF
C:\Windows\Fonts\GILB____.TTF
C:\Windows\Fonts\GILI____.TTF
C:\Windows\Fonts\FRAHVIT.TTF
C:\Windows\Fonts\FRADMIT.TTF
C:\Windows\Fonts\FRABKIT.TTF
C:\Windows\Fonts\ELEPHNTI.TTF
C:\Windows\Fonts\SCHLBKB.TTF
C:\Windows\Fonts\SCHLBKBI.TTF
C:\Windows\Fonts\SCHLBKI.TTF
C:\Windows\Fonts\CALISTB.TTF
C:\Windows\Fonts\CALISTBI.TTF
C:\Windows\Fonts\CALISTI.TTF
C:\Windows\Fonts\BOOKOSB.TTF
C:\Windows\Fonts\BOOKOSBI.TTF
C:\Windows\Fonts\BOOKOSI.TTF
C:\Windows\Fonts\BOD_CB.TTF
C:\Windows\Fonts\BOD_CBI.TTF
C:\Windows\Fonts\BOD_CI.TTF
C:\Windows\Fonts\BOD_BLAI.TTF
C:\Windows\Fonts\BOD_B.TTF
C:\Windows\Fonts\BOD_BI.TTF
C:\Windows\Fonts\BOD_I.TTF
C:\Windows\Fonts\AGENCYR.TTF
C:\Windows\Fonts\marlett.ttf
C:\Windows\System32\sxs.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Windows\sysnative\en-US\KERNELBASE.dll.mui
C:\Windows\System32\twinapi.appcore.dll
C:\Users\Rajesh\AppData\Local\Temp\urlmon.dll
C:\Windows\System32\urlmon.dll
C:\Users\Rajesh\AppData\Local\Temp\srvcli.dll
C:\Windows\System32\srvcli.dll
C:\Windows\System32\en-US\ieframe.dll.mui
C:\Windows\sysnative\en-US\ieframe.dll.mui
C:\Windows\WindowsShell.manifest
C:\Windows\System32\srpapi.dll
C:\Windows\System32\en-US\urlmon.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Users\Rajesh\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Rajesh\AppData\Local\Temp\en-US\livehtml.resources.dll
C:\Users\Rajesh\AppData\Local\Temp\en-US\livehtml.resources\livehtml.resources.dll
C:\Users\Rajesh\AppData\Local\Temp\en-US\livehtml.resources.exe
C:\Users\Rajesh\AppData\Local\Temp\en-US\livehtml.resources\livehtml.resources.exe
C:\Users\Rajesh\AppData\Local\Temp\en\livehtml.resources.dll
C:\Users\Rajesh\AppData\Local\Temp\en\livehtml.resources\livehtml.resources.dll
C:\Users\Rajesh\AppData\Local\Temp\en\livehtml.resources.exe
C:\Users\Rajesh\AppData\Local\Temp\en\livehtml.resources\livehtml.resources.exe
C:\Windows\System32\en-US\USER32.dll.mui
C:\Windows\win.ini
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\System32\en-US\mshtml.dll.mui
C:\Windows\sysnative\en-US\mshtml.dll.mui
C:\Windows\System32\d2d1.dll
C:\Windows\System32\resourcepolicyclient.dll
C:\Windows\System32\DXCore.dll
C:\Windows\System32\cfgmgr32.dll
\Device\DeviceApi\CMApi
C:\Windows\System32\d3d10warp.dll
C:\Users\Rajesh\AppData\Local\Temp\d3d10warp.dll
C:\Windows\System32\mshtml.tlb
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.mshtml\v4.0_7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.mshtml\v4.0_7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\Microsoft.Net\assembly\GAC\Microsoft.mshtml\v4.0_7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\assembly\GAC_32\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.mshtml\*
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.INI
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCache
C:\Users\Rajesh\AppData\Local\Microsoft\Windows
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCache\Content.IE5
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCache\IE
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\INetCookies
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\History
C:\Users\Rajesh\AppData\Local\Microsoft\Windows\History\History.IE5

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3262678163-160926255-2192883574-1002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectWrite
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-SG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CLASSES_ROOT\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\AlwaysReadHKCRForCLSIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\Class
HKEY_CLASSES_ROOT\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_CURRENT_USER\Software\Classes\AppID\HTMLive.exe
HKEY_LOCAL_MACHINE\Software\Classes\AppID\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{00000160-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000160-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Extensions\DragDropExtension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\NavigationDelay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HTMLive.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CURRENT_USER\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\DocObjectView
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\DocObjectView\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Name-Space Handler\
HKEY_LOCAL_MACHINE\Software\Classes\PROTOCOLS\Name-Space Handler
HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Name-Space Handler\about\
HKEY_LOCAL_MACHINE\Software\Classes\PROTOCOLS\Name-Space Handler\about
HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Name-Space Handler\*\
HKEY_LOCAL_MACHINE\Software\Classes\PROTOCOLS\Name-Space Handler\*
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\ZoneMap\Ranges\
HKEY_CURRENT_USER\ZoneMap\Ranges\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OLEALIAS_GWND
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TOPMOST_GWND
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\*
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_COMPAT_LOGGING
HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\text/html
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2703
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2703
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Security\Floppy Access
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_IGNORE_ZONE_FOR_SECURITYID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Zoom
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VSYNC_WATCHDOG
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\RenderingLoopMaxTime
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\International\Scripts
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Text Scaling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Viewport
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Larger Hit Test
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Script
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\DISAMBIGUATION
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\Theme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Theme\FontScale
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OPTICAL_ZOOM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\IEDevTools\Options
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice
HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\text/xml
HKEY_LOCAL_MACHINE\Software\Classes\MIME\Database\Content Type\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-3262678163-160926255-2192883574-1002
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROCESS_XML_AS_HTML
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_CURRENT_USER\Software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}
HKEY_CURRENT_USER\Software\Classes\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}
HKEY_CURRENT_USER\Software\Classes\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}
HKEY_CURRENT_USER\Software\Classes\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}
HKEY_CURRENT_USER\Software\Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}
HKEY_CURRENT_USER\Software\Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}
HKEY_CURRENT_USER\Software\Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}
HKEY_CURRENT_USER\Software\Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}
HKEY_CURRENT_USER\Software\Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}
HKEY_CURRENT_USER\Software\Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}
HKEY_CURRENT_USER\Software\Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}
HKEY_CURRENT_USER\Software\Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}
HKEY_CURRENT_USER\Software\Classes\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}
HKEY_CURRENT_USER\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CURRENT_USER\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3262678163-160926255-2192883574-1002\Installer\Assemblies\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3262678163-160926255-2192883574-1002\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Microsoft Sans Serif
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct2D
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\Direct2D
HKEY_CURRENT_USER\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DX6TextureEnumInclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\SecurityDescriptor
HKEY_CURRENT_USER\Software\Microsoft\DirectX\UserGpuPreferences
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\DirectXUserGlobalSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_D3D_MULTITHREADING
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_D3D_DEBUG_LAYER
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\GraphicsDrivers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\UseSWRender
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\UseSWRender
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo
HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\ImplementedInThisVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\RuntimeVersion
HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32\7.0.3300.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\2\KnownFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cookies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_USERS\.DEFAULT
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_CURRENT_USER\Software\Microsoft\Ftp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\FTP\Use Web Based FTP
HKEY_LOCAL_MACHINE\Software\Microsoft\Ftp
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Avalon.Graphics\DISPLAY1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-SG
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\AlwaysReadHKCRForCLSIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\Class
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Extensions\DragDropExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\NavigationDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\DocObjectView\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2703
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2703
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Zoom\ZoomDisabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\RenderingLoopMaxTime
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\RtfConverterFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CSS_Compat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Expand Alt Text
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Images
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Display Inline Videos
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Play_Background_Sounds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Play_Animations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PageSetup\Print_Background
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\XMLHTTP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Show image placeholders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Script Debugger
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Move System Caret
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Enable AutoImageResize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\UseHR
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Q300829
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Cleanup HTCs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\XDomainRequest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\DOMStorage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Default_CodePage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\AutoDetect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color Visited
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color Hover
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Colors
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Font Size
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Always Use My Font Face
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\MiscFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Theme\FontScale
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector\IE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector\VML
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\SecurityDescriptor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\DirectXUserGlobalSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\C:\Users\Rajesh\AppData\Local\Temp\HTMLive.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\UseSWRender
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\UseSWRender
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\ImplementedInThisVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\7.0.3300.0\CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cookies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D9DC8A3B-B784-432E-A781-5A1130A75963}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\FTP\Use Web Based FTP
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\HTMLive.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix

Local\SM0:4500:168:WilStaging_02
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\MSCTF.Asm.MutexDefault2
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault2

No results found.

No behavioral analysis data available.

Sorry! No strace.

Sorry! No tracee.

Hosts (0)
DNS (0)

Hosts

No hosts contacted.

TCP Connections

No TCP connections recorded.

UDP Connections

No UDP connections recorded.

DNS Requests

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP Traffic

No SMTP traffic performed.

IRC Traffic

No IRC requests performed.

ICMP Traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

No dropped files found.

No CAPE payloads found.

Sorry! No process dumps.

Analysis Details

Options

Analysis Log

Process Log

Pre-Script Log

During-Script Log

Machine Information

File Details

File Information

Strings

Archive: de4dot

File Information

PE Information

Version Info

Sections

Resources

Imports

mscoree

Statistics 9.60s

Signatures

Screenshots

Hosts

Summary

Hosts

TCP Connections

UDP Connections

DNS Requests

HTTP Requests

SMTP Traffic

IRC Traffic

ICMP Traffic

CIF Results

Suricata Alerts

Suricata TLS

Suricata HTTP