File: 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8
Metadata
| 69_3_.exe | |
| PE32 executable (console) Intel 80386, for MS Windows | 323584 bytes |
| 2016-04-19 04:14:37 | |
| cfc1dcfc561553a188e2feb6c76fd508 | |
| bcc77b9ed189d775129471ddc439b79c0c2a17de | |
| 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8 | |
| bfd341db46f7c3b8b6288f4b2a951506f3c1f071f3290bc0a78c94a55f56f3685e5302f7c1877f42168d91969dd3d7093abcb61f9e04fdca8bdcbb78568a64d2 | |
| 6144:y/+ArFDFtQiC6dpbC3ZBj9VRyhupmgHqoxziP2Sv0oiguUY:INLbYVEkmCGPJv0Y | |
| 79377802bd5eb45d9e82a7641229d787 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8.
Cyber threat intelligence reports associated with 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| marketathart.com | /binstr.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| esbook.com | /binstr.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| marketathart.com | /cgi-sys/suspendedpage.cgi | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| nlhomegarden.com | /strbin.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| prodocument.co.uk | /strbin.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| joshsawyerdesign.com | /wp-content/plugins/binstr.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| nlhomegarden.com | /strbin.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
| emmy2015.com | /strbin.php | Mozilla/5.0 (Windows NT 6.3 rv:11.0) like Gecko |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
| HKEY_LOCAL_MACHINE\Software\Classes |
| \REGISTRY\USER |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
| CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770} |
| CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770} |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServerX86 |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\LocalServer32 |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler32 |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandlerX86 |
| \CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770} |
| HKEY_CLASSES_ROOT\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs |
| CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86} |
| CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86} |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServerX86 |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\LocalServer32 |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler32 |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandlerX86 |
| \CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86} |
| HKEY_CLASSES_ROOT\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs |
| HKEY_CURRENT_USER\Software\Microsoft\DirectShow\PushClock |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF |
| HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared |
| CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6} |
| CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\TreatAs |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6} |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\InprocServer32 |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\InprocServerX86 |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\LocalServer32 |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\InprocHandler32 |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\InprocHandlerX86 |
| \CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6} |
| HKEY_CLASSES_ROOT\CLSID\{E2510970-F137-11CE-8B67-00AA00A3F1A6}\TreatAs |
| HKEY_CURRENT_USER\Software\Microsoft\Multimedia\AviWriterFilter |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_USERS\S-1-5-18\Software\trueimg\ |
| HKEY_CURRENT_USER\Software\trueimg\ |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Intel Hardware Cryptographic Service Provider |
| HKEY_CURRENT_USER\Software\EA9AADB3CCFE71C0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
| ActiveComputerName |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
| HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\emmy2015.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\emmy2015.com |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\nlhomegarden.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nlhomegarden.com |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\nlhomegarden.com |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\esbook.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esbook.com |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\prodocument.co.uk |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prodocument.co.uk |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\marketathart.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\marketathart.com |
| HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\joshsawyerdesign.com |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\joshsawyerdesign.com |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\RDPNP\NetworkProvider |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\LanmanWorkstation\NetworkProvider |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\WebClient\NetworkProvider |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
| HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png |
| HKEY_CLASSES_ROOT\.png |
| HKEY_CLASSES_ROOT\pngfile |
| HKEY_CLASSES_ROOT\pngfile\CurVer |
| HKEY_CLASSES_ROOT\pngfile\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
| HKEY_CLASSES_ROOT\pngfile\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.png |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.png\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\image |
| HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\pngfile\\Clsid |
| HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\Implemented Categories\{00021490-0000-0000-C000-000000000046} |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CLASSES_ROOT\Directory |
| HKEY_CLASSES_ROOT\Directory\CurVer |
| HKEY_CLASSES_ROOT\Directory\ |
| HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\Directory\\Clsid |
| HKEY_CLASSES_ROOT\Folder |
| HKEY_CLASSES_ROOT\Folder\Clsid |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |
| HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32 |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility |
| CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86 |
| \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} |
| CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86 |
| \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} |
| HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove |
| HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove |
| HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove |
| HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData |
| HKEY_CURRENT_USER\SOFTWARE\Groove.OldData |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove |
| CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86 |
| \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458} |
| HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
| HKEY_CLASSES_ROOT\.ade |
| HKEY_CLASSES_ROOT\.adp |
| HKEY_CLASSES_ROOT\.app |
| HKEY_CLASSES_ROOT\.asp |
| HKEY_CLASSES_ROOT\.bas |
| HKEY_CLASSES_ROOT\.bat |
| HKEY_CLASSES_ROOT\.cer |
| HKEY_CLASSES_ROOT\.chm |
| HKEY_CLASSES_ROOT\.cmd |
| HKEY_CLASSES_ROOT\.com |
| HKEY_CLASSES_ROOT\.cpl |
| HKEY_CLASSES_ROOT\.crt |
| HKEY_CLASSES_ROOT\.csh |
| HKEY_CLASSES_ROOT\.exe |
| HKEY_CLASSES_ROOT\.fxp |
| HKEY_CLASSES_ROOT\.hlp |
| HKEY_CLASSES_ROOT\.hta |
| HKEY_CLASSES_ROOT\.inf |
| HKEY_CLASSES_ROOT\.ins |
| HKEY_CLASSES_ROOT\.isp |
| HKEY_CLASSES_ROOT\.its |
| HKEY_CLASSES_ROOT\.js |
| HKEY_CLASSES_ROOT\.jse |
| HKEY_CLASSES_ROOT\.ksh |
| HKEY_CLASSES_ROOT\.lnk |
| HKEY_CLASSES_ROOT\.mad |
| HKEY_CLASSES_ROOT\.maf |
| HKEY_CLASSES_ROOT\.mag |
| HKEY_CLASSES_ROOT\.mam |
| HKEY_CLASSES_ROOT\.maq |
| HKEY_CLASSES_ROOT\.mar |
| HKEY_CLASSES_ROOT\.mas |
| HKEY_CLASSES_ROOT\.mat |
| HKEY_CLASSES_ROOT\.mau |
| HKEY_CLASSES_ROOT\.mav |
| HKEY_CLASSES_ROOT\.maw |
| HKEY_CLASSES_ROOT\.mda |
| HKEY_CLASSES_ROOT\.mdb |
| HKEY_CLASSES_ROOT\.mde |
| HKEY_CLASSES_ROOT\.mdt |
| HKEY_CLASSES_ROOT\.mdw |
| HKEY_CLASSES_ROOT\.mdz |
| HKEY_CLASSES_ROOT\.msc |
| HKEY_CLASSES_ROOT\.msi |
| HKEY_CLASSES_ROOT\.msp |
| HKEY_CLASSES_ROOT\.mst |
| HKEY_CLASSES_ROOT\.ops |
| HKEY_CLASSES_ROOT\.pcd |
| HKEY_CLASSES_ROOT\.pif |
| HKEY_CLASSES_ROOT\.prf |
| HKEY_CLASSES_ROOT\.prg |
| HKEY_CLASSES_ROOT\.pst |
| HKEY_CLASSES_ROOT\.reg |
| HKEY_CLASSES_ROOT\.scf |
| HKEY_CLASSES_ROOT\.scr |
| HKEY_CLASSES_ROOT\.sct |
| HKEY_CLASSES_ROOT\.shb |
| HKEY_CLASSES_ROOT\.shs |
| HKEY_CLASSES_ROOT\.tmp |
| HKEY_CLASSES_ROOT\.url |
| HKEY_CLASSES_ROOT\.vb |
| HKEY_CLASSES_ROOT\.vbe |
| HKEY_CLASSES_ROOT\.vbs |
| HKEY_CLASSES_ROOT\.vsmacros |
| HKEY_CLASSES_ROOT\.vss |
| HKEY_CLASSES_ROOT\.vst |
| HKEY_CLASSES_ROOT\.vsw |
| HKEY_CLASSES_ROOT\.ws |
| HKEY_CLASSES_ROOT\.wsc |
| HKEY_CLASSES_ROOT\.wsf |
| HKEY_CLASSES_ROOT\.wsh |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_CLASSES_ROOT\pngfile\\shell\open |
| HKEY_CLASSES_ROOT\pngfile\\shell\open\command |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun |
| HKEY_CLASSES_ROOT\pngfile\\shell\open\ddeexec |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\rundll32.exe |
| HKEY_CLASSES_ROOT\Applications\shimgvw.dll |
| HKEY_CLASSES_ROOT\Applications\shimgvw.dll\shell |
| HKEY_CLASSES_ROOT\Applications\shimgvw.dll\shell\open |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
| HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\rundll32.exe |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CLASSES_ROOT\pngfile\\ShellEx\DataHandler |
| HKEY_CLASSES_ROOT\.png\ShellEx\DataHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.png\ShellEx\DataHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\DataHandler |
| HKEY_CLASSES_ROOT\* |
| HKEY_CLASSES_ROOT\*\ShellEx\DataHandler |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellImageView |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellImageView |
| CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178} |
| CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\TreatAs |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178} |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocServer32 |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocServerX86 |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\LocalServer32 |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocHandler32 |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocHandlerX86 |
| \CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178} |
| HKEY_CLASSES_ROOT\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\TreatAs |
| CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC} |
| CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\TreatAs |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC} |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServerX86 |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\LocalServer32 |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocHandler32 |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocHandlerX86 |
| \CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC} |
| HKEY_CLASSES_ROOT\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\TreatAs |
| CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C} |
| CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\TreatAs |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C} |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServerX86 |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\LocalServer32 |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocHandler32 |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocHandlerX86 |
| \CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C} |
| HKEY_CLASSES_ROOT\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\TreatAs |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt |
| HKEY_CLASSES_ROOT\.txt |
| HKEY_CLASSES_ROOT\txtfile |
| HKEY_CLASSES_ROOT\txtfile\CurVer |
| HKEY_CLASSES_ROOT\txtfile\ |
| HKEY_CLASSES_ROOT\txtfile\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.txt |
| HKEY_CLASSES_ROOT\SystemFileAssociations\text |
| HKEY_CLASSES_ROOT\SystemFileAssociations\text\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\txtfile\\Clsid |
| HKEY_CLASSES_ROOT\SystemFileAssociations\text\Clsid |
| HKEY_CLASSES_ROOT\*\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\NOTEPAD.EXE |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\ |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups |
Comments
User comments about 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8.
User comments about 03d837a46fec69e6d3973dcebcc50de0ab922f216330d2a9a633506bfaddd1e8.
