HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\payload.exe |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions |
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
HKEY_CLASSES_ROOT\Directory |
HKEY_CLASSES_ROOT\Directory\CurVer |
HKEY_CLASSES_ROOT\Directory\ |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler |
HKEY_CLASSES_ROOT\Directory\\Clsid |
HKEY_CLASSES_ROOT\Folder |
HKEY_CLASSES_ROOT\Folder\Clsid |
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers |
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF |
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InProcServer32 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem |
HKEY_CLASSES_ROOT\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 |
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments |
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InProcServer32 |
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ecf03a33-103d-11d2-854d-006008059367}\InProcServer32 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{ECF03A33-103D-11D2-854D-006008059367} |
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing |
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32 |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\rubyw.exe |
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
ActiveComputerName |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004 |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager |
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography |
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Intel Hardware Cryptographic Service Provider |
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
HKEY_LOCAL_MACHINE\Software\Classes |
\REGISTRY\USER |
HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13} |
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13} |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServer32 |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServerX86 |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer32 |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandler32 |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandlerX86 |
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer |
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13} |
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs |
CLSID\{ECF03A33-103D-11D2-854D-006008059367} |
CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367} |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServer32 |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServerX86 |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer32 |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandler32 |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandlerX86 |
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer |
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367} |
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} |
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServerX86 |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer32 |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandler32 |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandlerX86 |
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer |
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} |
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions |