'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2017-11-03 20:47:34.160228 2017-11-03 20:49:27.866748 113 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo win7 Clone 1 VirtualBox 2017-11-03 20:47:34 2017-11-03 20:49:27

File Details

File name bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
File size 1235280 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
CRC32 1E50B160
MD5 d8c5a4586018d94b10f985dce7248c18
SHA1 bfc3117b7d7d00d42f76051bef4b7382dac0377a
SHA256 3fa7fbdc5dc7ba87866b53f52b9dbe3824c9116d973797d8cd09a40acb3e0200
SHA512 aaf428de3294a2619af2c3a3eaaa9a9724937d4a48ff4e710eb340d7df2cc8ad18a557c2faf690ec78e21e2b672678bd9748674244921aefe668260f8908f255
Ssdeep None
PEiD
  • UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1509756717]=0): Snort Events=0, AV Events=0
Total Score=75

Dropped File/Buffer Yara Signatures:
0490a754ecbea4cd_Opera_installer_2017114475882.dll: Str_Win32_Http_API
6c7fea56a89aa75d_jd3fr+e6.exe.part: Str_Win32_Http_API
958d9f86b6f0a751e4a53751c0e1562f26879f1a [BUFFER]: shellcode
d8a9200747a6b09e407e8b351cb7bfee31fa62d1 [BUFFER]: embedded_pe
d8a9200747a6b09e407e8b351cb7bfee31fa62d1 [BUFFER]: shellcode
3e8b7d692ac668e184b095c85729eb13f2af8140 [BUFFER]: shellcode
c5b42932d6ae1c10838dd5044dcef64e08383f48 [BUFFER]: shellcode
822c933a5958e0d9851245d466429a2e5dd4e236 [BUFFER]: shellcode
abb25f3a9b597a70d24fb4c48ad68c39271d25d3 [BUFFER]: embedded_win_api
b8df09d6a9e810fa1809014d760760c435ed9cce [BUFFER]: embedded_pe
c67688827fe98024de77cd029f45c2b1eccbc7f3 [BUFFER]: shellcode
0ee5b7177330974bfb2960e9c08129781692a0db [BUFFER]: shellcode
3d9cbd4764458ec9c60abed5e677d44d0a7f10f6 [BUFFER]: shellcode
b94d92af3711ddaa366fb847ebfa5a2f784f51bf [BUFFER]: shellcode
6028c8f0d22a59891c86d5f520287c8578570cd3 [BUFFER]: shellcode
7a4081549ecf85855c36e86728d4d35ff579b4a6 [BUFFER]: shellcode
dab9d62ff42bf60251745f366543d6f9d0c614b8 [BUFFER]: shellcode
7348c8c16981dcc7ad84bbee18cc336f55ecb8fb [BUFFER]: shellcode
5010bfdd93ede2e2d5cfa0f16a0faddd21524730 [BUFFER]: shellcode
4e0274e7e8034b9ef72c07f3ea9fa423237a88e0 [BUFFER]: shellcode
3b8cb4e74ba6da25f58f31bab334591925c07799 [BUFFER]: shellcode
3140175415099d22835c6300793f58506ed907d9 [BUFFER]: shellcode
a8c0808167f1a8c5c16a574310e33ddeade30db3 [BUFFER]: shellcode
99fca7194b3ee614fb073ab3f07cf98aab882287 [BUFFER]: shellcode
da5dbeb20db779770b8ac4de83b5e66f12a95f7b [BUFFER]: shellcode
5970f4c68401aa094f4820f61932fc8ed86a5308 [BUFFER]: shellcode
d64a1d289c63308e70d6872dbac8e90414f424ee [BUFFER]: shellcode
5b674fec085f404a1caeb58ef3275483fd4cce37 [BUFFER]: shellcode
60fdfed06a73823e3c5a1ad6096e9f4ca50b19da [BUFFER]: shellcode
8bcd3576c9bdfbc71e1327a1cf7e099d8ea338cc [BUFFER]: shellcode
e00a1f417389a38942e9621f72336eee97e46775 [BUFFER]: shellcode
7eafbbc98fc35478691a289825f682e6831947f9 [BUFFER]: shellcode
40d628ffe3bdb18805c7e6236ed82ec7cda17c84 [BUFFER]: shellcode
cf75f006c7af887bb127c49f1cdedd6f6e580a6f [BUFFER]: shellcode
4ceebf44f6914970537226aa5d92a686b077e6e6 [BUFFER]: shellcode
4e28469d118734804cb6cd51e7305704dd71fc11 [BUFFER]: shellcode
b3f5fd50d9f3e26eeb03c6c6834c9435f4760d6a [BUFFER]: shellcode
9ba098cfca38fa2caa7d625d8096727c6aacbb50 [BUFFER]: embedded_win_api
fd78ca7a50e40e14966e7e265b7057154b5faec3 [BUFFER]: shellcode
4d69928356413f95849213d2fefa979f581ad3aa [BUFFER]: shellcode
a5cea3bd6a48819f88e2bc3271d180d87db6e75b [BUFFER]: shellcode
451e7b5a5000fa62a25eccfb6bd8c8f718c0f4b8 [BUFFER]: shellcode
dceb86fc235dee6c375d9313f5e5e9cb11cc9b68 [BUFFER]: shellcode
765c11a3c4a0752b8541d44d72fe8e2d17bf1f3a [BUFFER]: shellcode
18deb0572fee5e18f057d95c45ce0bc559e3ab0d [BUFFER]: shellcode
455d0a5b61b636e9548f1d1903feb7b893106abd [BUFFER]: shellcode
fe5dfb19f565511cf169111ad1d33928b45e1150 [BUFFER]: shellcode
082160b49024a8b8d0130dc4d7b558136dcd1f5b [BUFFER]: shellcode
92a7507ce4384ead955ff1f1dcb44bc553ee4307 [BUFFER]: shellcode
e3a3eda694bb509897dc746dfefb1026713f8a94 [BUFFER]: shellcode
66d62c0f2c313d470dfc88f751115726dce27bd7 [BUFFER]: shellcode
bbfebee5b9ccd4c5950364f0f976bda9d6af4c24 [BUFFER]: shellcode
cc5bd44719672a11b9517107692c1beccc30e6bf [BUFFER]: shellcode
7f6cc25ae94ef583950078390c5e3fbc3fc6160e [BUFFER]: shellcode
e6e0fefae57ff13362b33f360decde32b6d711cd [BUFFER]: shellcode
96bb810f89697e369857cacc03760d86e7bacf45 [BUFFER]: shellcode
c8a89e035b697cca94d647ac07395412b3a9fbcc [BUFFER]: shellcode
40e4711e6cc6b14a7b72e05936da471d97fab139 [BUFFER]: shellcode
983af46686d7a413905dbc7df0149783ec488efd [BUFFER]: shellcode
06edda5b45c6055ccfc4e6c4acb1e2e759d31845 [BUFFER]: shellcode
32712f1cc5a120c5fd26d64167792139441ed45b [BUFFER]: shellcode
ef6f777181292189044ca1a5626dee7fd17ca3c6 [BUFFER]: shellcode
c198770da149cd4edb5ac3af31347028f1ac6da6 [BUFFER]: shellcode
181714eeb5400950c2662de9d2c15a5ff0e5f1b6 [BUFFER]: shellcode
4d0314051241afb6419e24f64887aa874a95c1b3 [BUFFER]: shellcode
d4404a914553d6eef06466501ca87d26b978b834 [BUFFER]: shellcode
338c54c03f92cb11ed1ba9efc418d211ae08c485 [BUFFER]: shellcode
65c2912d67cd15eace542d87b73aaf79ea3e0a8c [BUFFER]: shellcode
4307d809c24376a85faa5e42e3ea03f22a945b1c [BUFFER]: shellcode
9e7d61dac968c813c6610e957de72d72c4cff9fe [BUFFER]: shellcode
1ea245e38ee1b314e85545b5541a95ec3b5abbb8 [BUFFER]: shellcode
b9964c9c0450364ca3c69c0902a51f0cf32d58f5 [BUFFER]: shellcode
175a2162a081c3f1b2625bf65824d27ca5674f7a [BUFFER]: shellcode
395b8eefdac716c3f99d64a04777dfbc6e2fe528 [BUFFER]: Str_Win32_Http_API
7939808143ed38d2b485e6cb737e664f72027a9b [BUFFER]: Str_Win32_Http_API
67c57f3bc8ef0e21103b64b0638aa5fceb9e3932 [BUFFER]: embedded_win_api
5ee3d5f1fb10cd65ea9feec8eff4a488f4db3ac8 [BUFFER]: embedded_win_api
5ee3d5f1fb10cd65ea9feec8eff4a488f4db3ac8 [BUFFER]: Str_Win32_Http_API
07f5b2e8185cd589e78a05d0fb066acbcf62b3d9 [BUFFER]: embedded_pe
07f5b2e8185cd589e78a05d0fb066acbcf62b3d9 [BUFFER]: shellcode
a7252d818100f81c367db9d5abd83fe82519b478 [BUFFER]: shellcode
4873fad5270a0b8503fc66e20cdc9317081a603f [BUFFER]: shellcode
d07e8e9d33eb946ee8d5639c7c1a9c69ccca480a [BUFFER]: shellcode
f4f6098be6e0e773e23ef5fd8a10ee49d33049e6 [BUFFER]: shellcode
3f800d446c3a9d3ac42205766aa75752e17f4c6d [BUFFER]: embedded_win_api
3f800d446c3a9d3ac42205766aa75752e17f4c6d [BUFFER]: Str_Win32_Http_API
6106b7e55526175443d439dc084e20eb320fb03c [BUFFER]: shellcode
9dbf43482a36de76399b7e087ef18b901eb147a1 [BUFFER]: shellcode
074e5627a974a2d3cc2a39235e224f465ae4f677 [BUFFER]: shellcode
2b96efa3670fd9227eabc8ed067adec2e6baadcb [BUFFER]: shellcode
c060c0a1505674442bff4c6816d9c9b09625e107 [BUFFER]: shellcode
94f16810b4f456c719d3de77036650e11e473f17 [BUFFER]: shellcode
eb96a4bc2651ac6be85c745c6696ab52862a0b40 [BUFFER]: shellcode
6f9dbf0313b6a45805b7cee5373494bf279fd7d6 [BUFFER]: shellcode
1ea1ce71bdc2bb1dc596fcfde9b33cb7992f97b3 [BUFFER]: shellcode

Signatures

adware_url_accessed details
antivm_queries_computername details
locates_browser details
antivm_memory_available details
peid_packer details
dumped_buffer details
Roaming_Profile_Modified details
network_bind details
suspicious_tld details
allocates_rwx details
infostealer_browser details
origin_langid details
dns_tld_ru details
antivm_network_adapters details
packer_entropy details
process_interest details
packer_upx details
Windows_Proxy_Tinkering details
modifies_certificates details
multiple_useragents details

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

0490a754ecbea4cd_Opera_installer_2017114475882.dll

3fa7fbdc5dc7ba87_bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe

ac7e24f926ea8fdd_sessionstore.bak

00d4f64b8cd7d1f8_formhistory.sqlite-journal

0fdb57dc028a08a0_urlclassifier3.sqlite-journal

d7dba002b4a386a4_permissions.sqlite-journal

acaea7ca02cc1ce3_permissions.sqlite-journal

e3b0c44298fc1c14_JD3FR+E6.exe

f22b0da501be02cb_permissions.sqlite-journal

4cb1073edb8703c3_permissions.sqlite-journal

0458a631778fe43e_webappsstore.sqlite-journal

ba4df4d8fad8dcd0_webappsstore.sqlite-journal

0849459019fd758c_opera_package.exe

cd920b6cd8831a03_webappsstore.sqlite-journal

b095cddec356b3f9_webappsstore.sqlite-journal

da58aa333a6fca87_webappsstore.sqlite-journal

43a1d6941fbf0ae1_webappsstore.sqlite-journal

17a844551d37f0b8_webappsstore.sqlite

f6244184f676cd1b_a3388d01

3e9099b5015e8f48_c86bd7751d53f10f65aaad66bbdf33c7

ab45e28e36961142_f00d8d01

31b703567c291c63_cookies.sqlite

17fa76c44fa317fd_formhistory.sqlite

63b05004bb5b5112__cache_001_

f5773fcf9d330d79_places.sqlite

c39082ff681b7212_urlclassifier3.sqlite

48162730b588f292__cache_003_

67ef041c0d7b4a96_c86bd7751d53f10f65aaad66bbdf33c7

6e0a0c57e424df8e_969d5d01

38b3899ee72a18d0_sessionstore.js

4962b1aef8d4d45b_9e998d01

6c7fea56a89aa75d_jd3fr+e6.exe.part

05d075ca661a23e7_opera_installer_20171104004757588.log

cd179561dd623849_cookies.sqlite-wal

3b5e1bfe55c9acfd_urlclassifierkey3.txt

feff05a871dc9a0c_places.sqlite-wal

59624392e8bdf21a_opera_installer_20171104004802005.log

b4595a4feaa763e8_bookmarks-2017-11-04.json

4f850f340c6aa096__cache_002_

68bb6939ea0b90ea_permissions.sqlite

a3bb17937d47a05e__cache_map_

4850993e5bc68ca8_urlclassifier.pset

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Windows\win.ini
  • C:\Windows\SysWOW64\ieframe.dll
  • C:\Windows\Fonts\staticcache.dat
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\C\9C\A3388d01
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\B\90\F00D8d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\search.json
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\A\E6\9E998d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifierkey3.txt
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite-wal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\content-prefs.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\downloads.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\compatibility.ini
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_001_
  • C:\Program Files (x86)\Mozilla Firefox\components\binary.manifest
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier3.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\prefs.js
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\extensions.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\permissions.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\mimeTypes.rdf
  • C:\Program Files (x86)\Mozilla Firefox\defaults\pref\channel-prefs.js
  • C:\Program Files (x86)\Mozilla Firefox\chrome.manifest
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\2\03\969D5d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\webappsstore.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\chromeappsstore.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20120420145725
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\pluginreg.dat
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_003_
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\formhistory.sqlite
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_002_
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_MAP_
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite-wal
  • C:\Program Files (x86)\Mozilla Firefox\dependentlibs.list
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\localstore.rdf
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier.pset
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.js
File-Written
  • \\?\pipe\OperaCrashReporter2988
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758\opera_package.exe
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C86BD7751D53F10F65AAAD66BBDF33C7
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C86BD7751D53F10F65AAAD66BBDF33C7
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_installer_20171104004757588.log
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_20171144756675.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\opera_installer_ui.lck
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_2017114481832.dll
  • \\?\pipe\OperaCrashReporter2988
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_installer_20171104004802005.log
  • mailslot\opera_installer\C:\Program Files\Opera
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_20171144757535.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_2017114475882.dll
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\C\9C\A3388d01
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\B\90\F00D8d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\permissions.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\A\E6\9E998d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifierkey3.txt
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite-wal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\formhistory.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\bookmarkbackups\bookmarks-2017-11-04.json
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_001_
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier3.sqlite
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_003_
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier3.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\permissions.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore-1.js
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\2\03\969D5d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\webappsstore.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_MAP_
  • C:\Users\Harry Dresden\AppData\Local\Temp\JD3FR+E6.exe.part
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\formhistory.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\webappsstore.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_002_
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite-wal
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier.pset
File-Deleted
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758\opera_package.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_20171144756675.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_installer_20171104004757588.log
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_2017114481832.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_installer_20171104004802005.log
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_20171144757535.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\opera_crashreporter.log
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera_installer_2017114475882.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\JD3FR+E6.exe
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.bak
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\permissions.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier3.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\formhistory.sqlite-journal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\webappsstore.sqlite-journal
File-Opened
  • C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • \\?\pipe\OperaCrashReporter2988
  • C:\Windows\SysWOW64\en-US\ieframe.dll.mui
  • C:\Windows\System32\netmsg.dll
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\SysWOW64\ieframe.dll
  • C:\Windows\Fonts\staticcache.dat
  • C:\Users\Harry Dresden\AppData\LocalLow
  • C:\Windows\SysWOW64\
  • C:\Windows\win.ini
  • C:\Program Files
  • C:\Windows\System32\en-US\netmsg.dll.mui
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758\opera_package.exe
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • \\?\pipe\OperaCrashReporter2988
  • C:\Program Files\Opera
  • C:\Program Files
  • mailslot\opera_installer\C:\Program Files\Opera
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Windows\System32\wshqos.dll
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\C\9C\A3388d01
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\B\90\F00D8d01
  • C:\
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\search.json
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\A\E6\9E998d01
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\startupCache\startupCache.4.little
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite-wal
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\content-prefs.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\downloads.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\prefs.js
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\bookmarkbackups\bookmarks-2017-11-04.json
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_001_
  • C:\Program Files (x86)\Mozilla Firefox\components\binary.manifest
  • c:\Windows\System32\imageres.dll
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier3.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\compatibility.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\JD3FR+E6.exe.part
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\extensions.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\permissions.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\System32\en-US\wshtcpip.dll.mui
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\mimeTypes.rdf
  • C:\Program Files (x86)\Mozilla Firefox\defaults\pref\channel-prefs.js
  • C:\Program Files (x86)\Mozilla Firefox\chrome.manifest
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\2\03\969D5d01
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\webappsstore.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\chromeappsstore.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite
  • C:\Windows\System32\en-US\wshqos.dll.mui
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20120420145725
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\pluginreg.dat
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_003_
  • C:\Windows\System32\en-US\wship6.dll.mui
  • C:\Windows\System32\wship6.dll
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_002_
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\_CACHE_MAP_
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cookies.sqlite-wal
  • C:\Program Files (x86)\Mozilla Firefox\dependentlibs.list
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\localstore.rdf
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifierkey3.txt
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\formhistory.sqlite
  • c:\Windows\System32\en-US\imageres.dll.mui
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\urlclassifier.pset
  • C:\Program Files (x86)\Mozilla Firefox\omni.ja
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.js
File-Copied
  • C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe -> C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.js -> C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.bak
File-Moved
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore-1.js -> C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\sessionstore.js
Network-Connects IP
  • 23.7.139.27
  • 104.31.75.124
  • 23.92.189.245
  • 213.180.193.119
  • 23.36.202.97
  • 74.125.28.156
  • 172.217.11.68
  • 204.79.197.200
  • 104.75.95.46
  • 172.217.11.78
  • 216.58.216.46
  • 157.240.11.22
  • 31.13.70.36
  • 216.58.216.40
  • 192.168.148.99
  • 72.21.91.29
  • 151.101.0.233
  • 54.214.37.36
  • 127.0.0.1
Network-Connects Host
  • autoupdate.geo.opera.com
  • dl.opera.com
  • desktop-netinstaller-sub.osp.opera.software
Directory-Created
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer
  • C:\Program Files\Opera
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\A\E6
  • C:\Users\Harry Dresden\AppData\Local\Mozilla
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\C\9C
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\2
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\B\90
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default
  • C:\Users
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\2\03
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\A
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\C
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache\B
  • C:\Users\Harry Dresden\AppData\Roaming
  • C:\Users\Harry Dresden
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\Cache
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\startupCache
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\bookmarkbackups
  • C:\Users\Harry Dresden\AppData
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox
Directory-Removed
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer
  • C:\Program Files\Opera
Directory-Enumerated
  • C:\Users\Harry Dresden\AppData\Local\Temp\Opera Installer\opera_package0.exe_20171104004758\*
  • C:\Windows\SysWOW64\ieframe.dll
  • C:\Windows\SysWOW64
  • C:\Windows
  • C:\Windows\SysWOW64\*.*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\bookmarkbackups\*
  • C:\Program Files (x86)\Mozilla Firefox\extensions\*
  • C:\Program Files (x86)\Mozilla Firefox\searchplugins\*
  • C:\Program Files (x86)\Mozilla Firefox\defaults\pref\*
  • C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\*
  • C:\Windows\System32\Wat\*
  • c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\*
  • C:\Program Files (x86)\Java\jre7\bin\plugin2\*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Program Files (x86)\Microsoft Office\root\Office16\*
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\*
  • C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  • C:\Program Files (x86)\Windows Media Player\*
  • C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\*
  • C:\Windows\SysWOW64\Macromed\Flash\*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\*
  • C:\Program Files (x86)\Java\jre7\bin\dtplugin\*
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\0a-00-27-00-00-00
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObject
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObjectEx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\UrlDllGetObjectUrl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
  • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_CLASSES_ROOT\FirefoxURL
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.1.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Tracing
  • HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist\Service
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
  • HKEY_CURRENT_USER\FirefoxURL\CurVer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_CURRENT_USER\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
  • HKEY_CURRENT_USER\FirefoxURL\shell
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
  • HKEY_CURRENT_USER\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_USER\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
  • HKEY_CURRENT_USER\Software\Opera Software
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9FA65764-C36F-4319-9737-658A34585BB7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{000C10F1-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_CURRENT_USER\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9FA65764-C36F-4319-9737-658A34585BB7}
  • HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\TVO
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\ContextDllCreateObjectContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\SchemeDllRetrieveEncodedObjectW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
  • HKEY_CURRENT_USER\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\SchemeDllRetrieveEncodedObjectW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.12
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\ContextDllCreateObjectContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\UrlDllGetObjectUrl
  • HKEY_CURRENT_USER\FirefoxURL\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
  • HKEY_CURRENT_USER\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllVerifyIndirectData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-msdos-program
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx
  • HKEY_CURRENT_USER\FirefoxURL\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\http\OpenWithProgids
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
  • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9FA65764-C36F-4319-9737-658A34585BB7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}
  • HKEY_CURRENT_USER\Software
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_CURRENT_USER\Software\Opera Software
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_LOCAL_MACHINE\Software\JavaSoft\Java Runtime Environment
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Paths\wmplayer.exe
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
  • HKEY_CURRENT_USER\Software\Synaptics\SynTPEnh\UltraNavPS2
  • HKEY_CURRENT_USER\Software\Lenovo\TrackPoint
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\Properties
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
  • HKEY_CURRENT_USER\Software\Elantech\MainOption
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
  • HKEY_CLASSES_ROOT\HTTP\shell\open\command
  • HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
  • HKEY_LOCAL_MACHINE\Software\Classes\.exe
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2
  • HKEY_CURRENT_USER\Interface\{00000134-0000-0000-C000-000000000046}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Classes\.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\Software\mozilla.org\Mozilla
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\(Default)
  • HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities
  • HKEY_CURRENT_USER\Software\Synaptics\SynTPEnh\UltraNavUSB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
  • HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{c6d7411d-2953-4ff2-8cfc-84d585d466dc}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml
  • HKEY_CURRENT_USER\Software\Lenovo\UltraNav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CLASSES_ROOT\exefile\shell\open\command
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\firefox.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\(Default)
  • HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\(Default)
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\(Default)
  • HKEY_LOCAL_MACHINE\Software\MozillaPlugins
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http
  • HKEY_CLASSES_ROOT\.exe\OpenWithProgids
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp
  • HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet
  • HKEY_CURRENT_USER\Software\Alps\Apoint\TrackPoint
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Paths\QuickTimePlayer.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
  • HKEY_CLASSES_ROOT\HTTPS\DefaultIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
  • HKEY_CLASSES_ROOT\FirefoxHTML\shell\open\command
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
  • HKEY_CURRENT_USER\Software\MozillaPlugins
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\StartMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
  • HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
  • HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-msdos-program
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_CLASSES_ROOT\HTTPS\shell\open\command
  • HKEY_CLASSES_ROOT\.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClusSvc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
  • HKEY_LOCAL_MACHINE\Software\Cisco Systems\VPN Client
  • HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Suffixes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\MIMEAssociations
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\11.0\InstallPath
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
  • HKEY_LOCAL_MACHINE\software\Adobe\Acrobat Reader
  • HKEY_CLASSES_ROOT\exefile
  • HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
  • HKEY_CURRENT_USER\Software\Elantech
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0_67
  • HKEY_CLASSES_ROOT\HTTP\DefaultIcon
Registry Key-Deleted
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDetectedUrl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDetectedUrl
  • HKEY_CURRENT_USER\Software\Opera Software\Last Stable Install Path
  • HKEY_CURRENT_USER\Software\Opera Software\Last Stable Install Path x64
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CYR,204
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Miriam Transparent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CE,238
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDhcp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Greek,161
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDns
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman TUR,162
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\RootDirUrl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma Armenian
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tms Rmn
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecisionReason
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartySha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Fixed Miriam Transparent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Greek,161
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecision
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\ProgId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Baltic,186
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CE,238
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Baltic,186
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\LastSyncTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CYR,204
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Rod Transparent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDetectedUrl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\FangSong_GB2312
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CYR,204
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartySha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\SyncDeltaTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
  • HKEY_CURRENT_USER\FirefoxURL\shell\open\NeverDefault
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial TUR,162
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\David Transparent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertLastSyncTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2017
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\UBR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\EncodedCtl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Greek,161
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyAfterTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New TUR,162
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CE,238
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllSha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllSha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003\ProfileImagePath
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arabic Transparent,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDns
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecisionTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\Flags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_CURRENT_USER\FirefoxURL\shell\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DisableBranchCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRsaPubKeyTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helvetica
  • HKEY_CURRENT_USER\FirefoxURL\shell\open\command\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Baltic,186
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arabic Transparent Bold
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arabic Transparent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arabic Transparent Bold,0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAAllFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Tracing\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDetectedUrl
  • HKEY_CURRENT_USER\FirefoxURL\NoStaticDefaultVerb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\KaiTi_GB2312
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDhcp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\UBR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
  • HKEY_CURRENT_USER\Software\Opera Software\Last Stable Install Path x64
  • HKEY_CURRENT_USER\Software\Opera Software\Last Stable Install Path
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2017
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\UBR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\Protocol
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Progid
  • HKEY_CURRENT_USER\FirefoxHTML\shell\open\command\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\TaskBarIDs\C:\Program Files (x86)\Mozilla Firefox
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{c6d7411d-2953-4ff2-8cfc-84d585d466dc}\Protocol
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer\Path
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\11.0\InstallPath\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\BrowserJavaVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\Properties\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\Installation Directory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\Path
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\ICMProfile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\70F6B3D
  • HKEY_CURRENT_USER\HTTP\shell\open\command\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0001\ProfileEnumMode
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273c-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Suffixes\application/x-msdos-program
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\Path
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDate
  • HKEY_CURRENT_USER\HTTPS\shell\open\command\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\DeviceState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_CURRENT_USER\HTTPS\DefaultIcon\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\camp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\rip
  • HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice\Progid
  • HKEY_CURRENT_USER\HTTP\DefaultIcon\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wmplayer.exe\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\Properties\{5a9125b7-f367-4924-ace2-0803a4a3a471},0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0_67\JavaHome
  • HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications\Firefox
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\ri
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{c6d7411d-2953-4ff2-8cfc-84d585d466dc}\DeviceState
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\Mozilla\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_CURRENT_USER\FirefoxURL\shell\open\command\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8b7dc9e0-308d-4c61-9892-407cb546a9c7}\Role:1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\sRGB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Registry Key-Written
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecisionReason
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadNetworkName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecision
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDetectedUrl
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5F058833-0652-4B15-B7EA-02DD7798ACE8}\WpadDecisionTime
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
  • HKEY_CURRENT_USER\Software\Opera Software\Last Stable Install Path
Mutex-Accessed
  • Local\Opera/Installer/UI_lock
  • Global\Opera/Installer/C:/Program Files/Opera
  • Local\FirefoxStartupMutex

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe" PID: 1216, Parent PID: 2396

"C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe" --crash-reporter-parent-id=1216 PID: 2988, Parent PID: 1216

"C:\Users\HARRYD~1\AppData\Local\Temp\Opera Installer\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe" --version PID: 3568, Parent PID: 1216

"C:\Users\Harry Dresden\AppData\Local\Temp\bfc3117b7d7d00d42f76051bef4b7382dac0377a.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --server-tracking-blob=NjY0NjE3YTEyODJkZjFlZWE0YzRjYmMxZDJhYTcwNmRiODllZjkzM2E4ZDc2ZjA0M2RjZDVjNWNjZTY2Y2ViMjp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwOi8vd3d3Lm9wZXJhLmNvbS9jb21wdXRlci90aGFua3M/bmk9c3RhYmxlJm9zPXdpbmRvd3MiLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/aHR0cF9yZWZlcnJlcj1odHRwczovL3d3dy5nb29nbGUuY29tLyZ1dG1fc291cmNlPWdvb2dsZV92aWFfb3BlcmFfY29tJnV0bV9tZWRpdW09b3NlJnV0bV9jYW1wYWlnbj1nb29nbGVfb3NlX3ZpYV9vcGVyYV9jb20mdXRtX2Jyb3dzZXI9Y2hyb21lJnV0bV92ZXI9NjIuMC4zMjAyLjc1JnV0bV9vcz13aW5kb3dzJmRsX3Rva2VuPTczMzA0NzE2JmpzPTEiLCJ0aW1lc3RhbXAiOiIxNTA5NzU1ODM3LjM1MjgiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXT1c2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYyLjAuMzIwMi43NSBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImJyb3dzZXIiOiJjaHJvbWUiLCJjYW1wYWlnbiI6Imdvb2dsZV9vc2VfdmlhX29wZXJhX2NvbSIsIm1lZGl1bSI6Im9zZSIsIm9zIjoid2luZG93cyIsInNvdXJjZSI6Imdvb2dsZV92aWFfb3BlcmFfY29tIiwidmVyIjoiNjIuMC4zMjAyLjc1In0sInV1aWQiOiI1ZmFhMzkwZC04MTY5LTQ4N2ItYjEwMi03ODZiY2NhY2RkNDcifQ== --language=en --singleprofile=0 --copyonly=0 --allusers=1 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=1 --pintotaskbar=1 --server-tracking-data=server_tracking_data --initial-pid=1216 --crash-reporter-pid=2988 --wait-for-package="C:\Users\HARRYD~1\AppData\Local\Temp\Opera Installer\opera_package.exe_20171104004758" --initial-proc-handle=3C06000000000000 PID: 3904, Parent PID: 1216

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "http://www.opera.com/download/get/?partner=www&opsys=Windows" PID: 2972, Parent PID: 1216

Volatility

Nothing to display.