What is WINRAR380.exe?
WINRAR380.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected WINRAR380.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Digital signatures [?]
WINRAR380.exe is not signed.
VirusTotal report
24 of the 66 anti-virus programs at VirusTotal detected the WINRAR380.exe file. That's a 36% detection rate.
| Scanner | Detection Name |
|---|---|
| Ad-Aware | Trojan.GenericKD.30921375 |
| AegisLab | Trojan.Win32.Generic.4!c |
| ALYac | Trojan.GenericKD.30921375 |
| Arcabit | Trojan.Generic.D1D7D29F |
| AVG | FileRepMetagen [Malware] |
| BitDefender | Trojan.GenericKD.30921375 |
| CAT-QuickHeal | Trojan.Starter |
| ClamAV | Win.Trojan.Agent-1351234 |
| Cybereason | malicious.e713a8 |
| DrWeb | Trojan.KillFiles.19461 |
| Emsisoft | Trojan.GenericKD.30921375 (B) |
| FireEye | Trojan.GenericKD.30921375 |
| GData | Trojan.GenericKD.30921375 |
| McAfee | Artemis!6E34868E713A |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.tc |
| Microsoft | PUA:Win32/Presenoker |
| MicroWorld-eScan | Trojan.GenericKD.30921375 |
| NANO-Antivirus | Trojan.Win32.KillFiles.fdpnid |
| Paloalto | generic.ml |
| Qihoo-360 | HEUR/QVM06.1.Malware.Gen |
| Rising | PUF.RAR-Exploit!1.B604 (CLASSIC) |
| Tencent | Win32.Trojan.Generic.Wqdg |
| VBA32 | Trojan.KillFiles |
| ViRobot | Trojan.Win32.Z.Killfiles.1369184 |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\__tmp_rar_sfx_access_check_33698140",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\__tmp_rar_sfx_access_check_33696906",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"file_recreated": [
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r29\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r19\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r09\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.taz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r22\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\RegisteredApplications\\WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\ShellNew\\FileName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r16\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tbz",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\ShellNew\\FileName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\DisplayName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Set",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\NoModify",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Content",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r03\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r02\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r20\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Exist",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.uu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.bz2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uu\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lzh\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r18\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.lha",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.iso\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r15\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\ApplicationDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.7z",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lha\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\ShellNew",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.xxe",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WRTE.Document.1\\UID\\Frame13",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\ShellNew",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.rar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r24\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r27\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r04\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.z",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r01\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.lzh",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.zip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r11\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r07\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Set",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r10\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\StartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\ShellExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r26\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR SFX\\C%%Program Files (x86)%WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.xxe\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r00\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\DropHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r13\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.7z\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r28\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.jar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Set",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.cab",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.uue",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tgz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r17\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.bz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.arj\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.iso",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tar",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.taz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r25\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\CascadedMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r08\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r05\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r14\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\DropHandler\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ace\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rev\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\NoRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\MenuIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r06\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.ace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.gz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.arj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uue\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r23\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r12\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r21\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\DisplayIcon",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tbz2",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\ShellNew"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"netutils.dll",
"srvcli.dll",
"LINKINFO.dll",
"kernel32.dll",
"UxTheme.dll",
"MsftEdit.dll",
"C:\\Windows\\system32\\ole32.dll",
"POWRPROF.DLL",
"dwmapi.dll",
"slc.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"PROPSYS.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEAUT32.DLL",
"C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll",
"comctl32",
"ole32.dll",
"SHLWAPI.dll",
"USER32.dll",
"IMM32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"riched32.dll",
"riched20.dll",
"C:\\Windows\\system32\\xmllite.dll",
"OLEAUT32.dll",
"profapi.dll",
"C:\\Program Files (x86)\\WinRAR\\rarlng.dll",
"comctl32.dll",
"C:\\Windows\\system32\\shell32.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"ntshrui.dll",
"COMCTL32.DLL"
],
"file_opened": [
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData",
"C:\\",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\Public\\Documents\\desktop.ini",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\Public\\Pictures",
"C:\\Program Files (x86)\\windows media player\\wmplayer.exe",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\Public\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt",
"c:\\program files (x86)\\mozilla firefox\\firefox.exe",
"C:\\Windows\\System32\\imageres.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"\\\\?\\PIPE\\samr",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\Pictures",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Program Files (x86)\\windows media player\\en-US\\wmplayer.exe.mui",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Windows\\System32\\DeviceCenter.dll",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Program Files (x86)\\WinRAR\\Formats",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\Windows\\System32\\en-US\\ulib.dll.mui",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe",
"C:\\Windows\\resources\\Themes\\Aero\\Shell\\NormalColor\\ShellStyle.dll",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\Users\\cuck",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"c:\\program files (x86)\\internet explorer\\iexplore.exe",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Users\\cuck\\Desktop",
"C:\\Windows\\System32\\en-US\\ntshrui.dll.mui",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Windows\\System32\\en-US\\DeviceCenter.dll.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\__tmp_rar_sfx_access_check_33698140",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Windows\\win.ini",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"c:\\program files (x86)\\internet explorer\\en-US\\iexplore.exe.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\Windows\\System32\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
]
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj",
"HKEY_CLASSES_ROOT\\WinRAR.REV\\DefaultIcon",
"HKEY_CLASSES_ROOT\\.r09",
"HKEY_CLASSES_ROOT\\.r08",
"HKEY_CLASSES_ROOT\\.r07",
"HKEY_CLASSES_ROOT\\.r06",
"HKEY_CLASSES_ROOT\\.r05",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.r03",
"HKEY_CLASSES_ROOT\\.r02",
"HKEY_CLASSES_ROOT\\.r01",
"HKEY_CLASSES_ROOT\\.r00",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.bat",
"HKEY_CLASSES_ROOT\\Outlook.Application.12",
"HKEY_CLASSES_ROOT\\Outlook.Application.11",
"HKEY_CLASSES_ROOT\\Outlook.Application.10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_CLASSES_ROOT\\WRTE.Document.1\\UID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_CLASSES_ROOT\\*\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\*",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.chm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_CLASSES_ROOT\\WinRAR\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_CLASSES_ROOT\\.jar\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\RegisteredApplications",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_CLASSES_ROOT\\.r04",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\CopyHookHandlers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_CLASSES_ROOT\\txtfile",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\explorer.exe\\TaskbarExceptionsIcons",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CLASSES_ROOT\\.r18",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\.arj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\DocObject",
"HKEY_CLASSES_ROOT\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_CLASSES_ROOT\\chm.file",
"HKEY_CLASSES_ROOT\\.ace\\ShellNew",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache",
"HKEY_CLASSES_ROOT\\.taz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR SFX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_CLASSES_ROOT\\.key\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz",
"HKEY_CLASSES_ROOT\\.chm",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_CLASSES_ROOT\\.rar",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_CLASSES_ROOT\\WinRAR.REV",
"HKEY_CLASSES_ROOT\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"HKEY_CLASSES_ROOT\\.tbz",
"HKEY_CLASSES_ROOT\\.lzh",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\PROFILELIST",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_CLASSES_ROOT\\.bz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_CLASSES_ROOT\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\uninstall.exe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_CLASSES_ROOT\\.tbz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_CLASSES_ROOT\\.txt",
"HKEY_CLASSES_ROOT\\.txt\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\.tbz2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"HKEY_LOCAL_MACHINE\\Software\\WinRAR\\Capabilities",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.key",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.iso",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cmd.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_CLASSES_ROOT\\.taz",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_CLASSES_ROOT\\.tar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.7z\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\wrar380.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\uninstall.exe",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\text",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CLASSES_ROOT\\.r26",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CLASSES_ROOT\\.r10",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_CLASSES_ROOT\\.xxe\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\DefaultIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CLASSES_ROOT\\.chm\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_CLASSES_ROOT\\.r19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_CLASSES_ROOT\\*\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\Clsid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.key",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_CLASSES_ROOT\\.zip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_CLASSES_ROOT\\.xxe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_CLASSES_ROOT\\.cab\\ShellNew",
"HKEY_CLASSES_ROOT\\.uu\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.key\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\DropHandler",
"HKEY_CLASSES_ROOT\\.r25",
"HKEY_CLASSES_ROOT\\.r24",
"HKEY_CLASSES_ROOT\\.r27",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe",
"HKEY_CLASSES_ROOT\\.r21",
"HKEY_CLASSES_ROOT\\.r20",
"HKEY_CLASSES_ROOT\\.r23",
"HKEY_CLASSES_ROOT\\.r22",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_CLASSES_ROOT\\.r29",
"HKEY_CLASSES_ROOT\\.r28",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_CLASSES_ROOT\\.bat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"HKEY_CLASSES_ROOT\\.bat",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_CLASSES_ROOT\\.bz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.lha\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.key",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.chm\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\exefile",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_CLASSES_ROOT\\batfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CLASSES_ROOT\\.zip\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bat",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\Clsid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CLASSES_ROOT\\WinRAR\\DefaultIcon",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_CLASSES_ROOT\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ini",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.chm",
"HKEY_CLASSES_ROOT\\.lha",
"HKEY_CLASSES_ROOT\\.gz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\Clsid",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32",
"HKEY_CLASSES_ROOT\\Unknown",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz",
"HKEY_CLASSES_ROOT\\.rar\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\WinRAR.REV\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_CLASSES_ROOT\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_CLASSES_ROOT\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\Clsid",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\(Default)",
"HKEY_CLASSES_ROOT\\.uu",
"HKEY_LOCAL_MACHINE\\Software\\WinRAR\\Capabilities\\FileAssociations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CLASSES_ROOT\\.key",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\DropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.rev",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_CLASSES_ROOT\\.gz\\ShellNew",
"HKEY_CLASSES_ROOT\\.r11",
"HKEY_CLASSES_ROOT\\.r12",
"HKEY_CLASSES_ROOT\\.r13",
"HKEY_CLASSES_ROOT\\.r14",
"HKEY_CLASSES_ROOT\\.r15",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.r17",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\UserChoice",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2",
"HKEY_CLASSES_ROOT\\.tgz",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.tgz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz",
"HKEY_CLASSES_ROOT\\.arj\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_CLASSES_ROOT\\.z\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_CLASSES_ROOT\\.bz",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z",
"HKEY_CLASSES_ROOT\\.uue\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.tbz\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CLASSES_ROOT\\.cab",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\Clsid",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.jar",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_CLASSES_ROOT\\WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.bz2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\(Default)",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\.r16",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\.7z",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\uninstall.exe",
"HKEY_CLASSES_ROOT\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_CLASSES_ROOT\\.iso",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_CLASSES_ROOT\\.ace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_CLASSES_ROOT\\.uue",
"HKEY_CLASSES_ROOT\\.tar\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_CLASSES_ROOT\\Outlook.Application",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_CLASSES_ROOT\\.lzh\\ShellNew",
"HKEY_CLASSES_ROOT\\.z",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"file_written": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key",
"\\\\?\\PIPE\\samr",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r19\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r18\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r29\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r22\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r25\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r08\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lha\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r04\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r00\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lzh\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r28\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r09\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r05\\Content Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\CLSID\\{DDF7D820-8355-11CF-B357-444553540000}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r16\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uu\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r11\\Content Type",
"HKEY_CLASSES_ROOT\\.zip\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r26\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r07\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r02\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r03\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.arj\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r23\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.xxe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uue\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz2\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r20\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r21\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ace\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.taz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r13\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r17\\Content Type",
"HKEY_CLASSES_ROOT\\.rar\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r27\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.7z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz2\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r12\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r24\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r01\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r06\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r10\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r15\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r14\\Content Type"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\__tmp_rar_sfx_access_check_33696906",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0"
],
"file_exists": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\Desktop",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users",
"C:\\cuckoo_2844.ini",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Users\\cuck\\Documents",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe.exe",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Windows\\explorer.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Users\\Public\\Documents",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ThumbCacheToDelete",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Python27\\pythonw.exe"
],
"mutex": [
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer",
"Local\\Shell.CMruPidlList",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex"
],
"file_failed": [
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Users\\Public\\Desktop\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\WinRAR.lnk",
"C:\\cuckoo_1788.ini",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Program Files (x86)\\WinRAR\\uninstall.lng",
"C:\\cuckoo_2844.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\Desktop\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini"
],
"guid": [
"{6ccb7be0-6807-11d0-b810-00c04fd706ec}",
"{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}",
"{7cc7aed8-290e-49bc-8945-c1401cc9306c}",
"{fdada2fa-894d-47d8-ae78-adf1fd7f28df}",
"{54410b83-6787-4418-9735-5aaaabe83a9a}",
"{14ce31dc-abc2-484c-b061-cf3416aed8ff}",
"{8be2d872-86aa-4d47-b776-32cca40c7018}",
"{00021401-0000-0000-c000-000000000046}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{688c934d-0c26-40f6-8d29-d56d72c76b48}",
"{3ce74de4-53d3-4d74-8b83-431b3828ba53}",
"{6311429e-2f1a-4777-880f-c7289fd10169}",
"{ea69859a-db5b-4c4a-8a8f-ae9759027534}",
"{05a232fd-2bfb-4349-9d48-4787f317f50a}",
"{000214fa-0000-0000-c000-000000000046}",
"{f678fcde-eb44-4b6e-9b75-cc4a661f5263}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{b2952b16-0e07-4e5a-b993-58c52cb94cae}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{4657278a-411b-11d2-839a-00c04fd918d0}",
"{ae054212-3535-4430-83ed-d501aa6680e6}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}",
"{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}",
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{000214f9-0000-0000-c000-000000000046}",
"{71d222e1-432f-429e-8c13-b6dafde5077a}",
"{00000000-0000-0000-c000-000000000046}",
"{1c1800c1-3258-44c2-be80-3deadb6c5e39}",
"{00000146-0000-0000-c000-000000000046}",
"{cef04fdf-fe72-11d2-87a5-00c04f6837cf}",
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{a4341687-7593-47aa-9554-4b0ffc8b2214}",
"{6746c347-576b-4f73-9012-cdfeea251bc4}",
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}",
"{000214fc-0000-0000-c000-000000000046}",
"{c0a6c367-c264-4385-a704-9088bdc3640e}",
"{de5bf786-477a-11d2-839d-00c04fd918d0}",
"{000214e6-0000-0000-c000-000000000046}",
"{33c53a50-f456-4884-b049-85fd643ecfed}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{14074e0b-7216-4862-96e6-53cada442a56}",
"{111f7c32-0546-4227-8b7f-c53a0b114a0f}",
"{00000323-0000-0000-c000-000000000046}",
"{6e682784-1eca-4cf2-988d-96b6e89e9a4d}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{7d39402f-5b52-4b34-b528-b95f66927e1d}",
"{75121952-e0d0-43e5-9380-1d80483acf72}",
"{a4b544a1-438d-4b41-9325-869523e2d6c7}",
"{603d3800-bd81-11d0-a3a5-00c04fd706ec}",
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}",
"{72eb61e0-8672-4303-9175-f2e4c68b2e7c}",
"{57ced8a7-3f4a-432c-9350-30f24483f74f}",
"{8ded7393-5db1-475c-9e71-a39111b0ff67}",
"{000214ee-0000-0000-c000-000000000046}",
"{c3acefb5-f69d-4905-938f-fcadcf4be830}",
"{bbd20037-bc0e-42f1-913f-e2936bb0ea0c}",
"{934d4698-6a59-48f8-9f29-9fb30670320e}",
"{64bc32b5-4eec-4de7-972d-bd8bd0324537}",
"{4df0c730-df9d-4ae3-9153-aa6b82e9795a}",
"{3c708557-c99d-4fa3-9231-56518418b4e4}",
"{1f3427c8-5c10-4210-aa03-2ee45287d668}",
"{9cfc2df3-6ba3-46ef-a836-e519e81f0ec4}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{f676c15d-596a-4ce2-8234-33996f445db1}",
"{4657278b-411b-11d2-839a-00c04fd918d0}",
"{49f371e1-8c5c-4d9c-9a3b-54a6827f513c}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{1f02b6c5-7842-4ee6-8a0b-9a24183a95ca}",
"{ed6ae9cf-ad35-46b7-ac30-3f8b9eb5349f}",
"{0c733a8a-2a1c-11ce-ade5-00aa0044773d}",
"{50ef4544-ac9f-4a8e-b21b-8a26180db13f}",
"{b8967f85-58ae-4f46-9fb2-5d7904798f4b}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{db6efb73-5153-43b7-8078-c6ffc4c0238c}",
"{559b1911-d3af-486e-b8bc-242b24df0114}",
"{1685d4ab-a51b-4af1-a4e5-cee87002431d}",
"{03c036f1-a186-11d0-824a-00aa005b4383}"
],
"command_line": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe \/setup",
"cmd.exe \/c C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"wrar380.exe \/s \/W",
"XCOPY \"rarreg.key\" \"C:\\Program Files (x86)\\WinRAR\" \/i \/r \/v \/k \/f \/c \/h \/y",
"\"C:\\Program Files (x86)\\WinRAR\\uninstall.exe\" \/setup",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe\" "
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"\\\\?\\PIPE\\samr",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\desktop.ini",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\Public\\Documents\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRecentDocsMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\OnlyMember",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheSMP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.SFGAOFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{14074E0B-7216-4862-96E6-53CADA442A56} {000214FA-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.iso\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\DefaultSecurity\\SrvsvcDefaultShareInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFavoritesMenu",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.FileName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoChangeStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\DeviceCenter.dll,-1000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IsPinnedToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.FileAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheTBP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F2-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84BA9C75-6C22-4590-9BDC-5584EADE039E}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\SaferFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IconPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing\\UsersShareName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\LibraryDescriptionHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Srp\\GP\\RuleCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Search\\SystemIndexNormalization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileBufferedSynchronousIo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NormalizeLinkNetPidls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_EnableDragDrop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\CLSID\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\PolicyScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetworkConnections",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\explorer.exe,-7021",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileChunkSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\DefaultLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetHood",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMorePrograms",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{59D6F31B-FA6B-4FBA-8AF3-197FF140C714}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\Upgrade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\Levels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\System32\\ie4uinit.exe,-734",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\LogFileName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.Kind",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplayNarrow",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{98D99750-0B8A-4C59-9151-589053683D73}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\shellex\\IconHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoUserFolderInStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ForceRunOnStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DontLoadAuthUIInExplorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\UIStatus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyPictures",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\DisableProcessIsolation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{000214F9-0000-0000-C000-000000000046}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuNetworkPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\IconHandler\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@\"%windir%\\System32\\ie4uinit.exe\",-732",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\sud.dll,-1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SearchFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNTSecurity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileOverlappedCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters_ShouldShow",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\unregmp2.exe,-4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
],
"directory_enumerated": [
"C:\\Program Files (x86)\\WinRAR\\rarext64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Windows\\System32\\xcopy.COM",
"C:\\Windows\\System32\\*.*",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key",
"C:\\Users\\cuck\\AppData",
"C:\\Python27\\XCOPY",
"C:\\Windows\\System32\\xcopy.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Program Files (x86)\\WinRAR\\rarlng.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Python27\\XCOPY.*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Windows\\System32",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.hlp",
"C:\\Program Files (x86)\\WinRAR\\*.lng",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\XCOPY.*",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Users",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\XCOPY",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.cnt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\os2.sfx",
"C:\\Program Files (x86)\\WinRAR\\rar_site.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\register.frm",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Program Files (x86)\\WinRAR\\rarext.dll",
"C:\\Program Files (x86)\\WinRAR\\register.txt",
"C:\\Program Files (x86)\\WinRAR\\Dos.sfx",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Program Files (x86)\\WinRAR\\order.txt",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Python27\\Scripts\\XCOPY.*",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\Python27\\Scripts\\XCOPY",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\Formats\\unacev2.dll",
"C:\\Windows",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Windows\\System32\\XCOPY.*",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\*.*",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7za.dll"
],
"directory_created": [
"C:\\Program Files (x86)\\WinRAR\\Formats",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer",
"C:\\Users\\cuck\\AppData\\Local"
]
}Dropped
[
{
"yara": [],
"sha1": "0662c96b7de18f0a58417beed17fc413aa489b62",
"name": "1f6c1eb85a39c2a1_install.bat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat",
"type": "ASCII text, with CRLF line terminators",
"sha256": "1f6c1eb85a39c2a1fa7bf2f83053dda92a98bf14047bad649dbfd49963cd6d64",
"urls": [],
"crc32": "4C210A29",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/1f6c1eb85a39c2a1_install.bat",
"ssdeep": null,
"size": 105,
"sha512": "10bfd21214080b066e6028b43524e958ce9efb53e7baf3470c685664814506e349555c135d83ce0ea78559a62e1fc7f28f55e9d8c01f8ecf11ceab5e5199d8cf",
"pids": [
1512
],
"md5": "b8b88f68a60429ddb4d7463b8f79419b"
},
{
"yara": [],
"sha1": "2d22c5648f9acc7b5675179229b69b384cdcc591",
"name": "07979ec044b15e91_iso.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "07979ec044b15e91e8c0ee61dd77dee79be0dab4947556920351bbd706fa3393",
"urls": [],
"crc32": "4F17B297",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/07979ec044b15e91_iso.fmt",
"ssdeep": null,
"size": 73728,
"sha512": "60369590340e2bad5b30651b52787f2ddb88069f30a6e478c6aa2ab2efcceca7249a7678ca412f0982fa54b22afb0256c763f4a9d4522ac9949dad3faf599c69",
"pids": [
1424
],
"md5": "e30a9fd41ff1567f39bb929a52cd32c3"
},
{
"yara": [],
"sha1": "1d460ef381239bfd9fbd841c77c7834e08a4716b",
"name": "924084289bf7cf7d_winrar.chm",
"filepath": "C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"type": "MS Windows HtmlHelp Data",
"sha256": "924084289bf7cf7dab1ba0869f8c27106d27683bf7571413a59ab03ad2bfd125",
"urls": [],
"crc32": "589BA104",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/924084289bf7cf7d_winrar.chm",
"ssdeep": null,
"size": 254538,
"sha512": "7e3fbea98d99d8f368ed805bee890223f597cb70624921824a6e7d45dbef7bde7ca9311fa2f3c771d8cc423072e5113a3db92daa187a9b346965a63a5febef5f",
"pids": [
1424
],
"md5": "dfbfae70b02ef5b39ac362e3d184e1a2"
},
{
"yara": [],
"sha1": "ee76a3adb2f7b1716d34e08641aa34c6d3a460b1",
"name": "6de8f7a13d058b3d_default.sfx",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "6de8f7a13d058b3dff3779ba20cc5d658a15aa0e9a54fddf46bb72041ab6b4d2",
"urls": [],
"crc32": "96A456FB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/6de8f7a13d058b3d_default.sfx",
"ssdeep": null,
"size": 104448,
"sha512": "e4966c56883ab2ad39a44bed1237a0badd343b40068f19ae92635e83a407c80149cadd0e60797c032ef2889fc76a78275727878b465bf82f4d0bf39eba8ac9d5",
"pids": [
1424
],
"md5": "a70a0c64d38cb274331f9488445a68f2"
},
{
"yara": [],
"sha1": "a5f66d420b6a6ebb04242fb85ca462a99dbf89b6",
"name": "c9d28800e740a156_unacev2.dll",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d",
"urls": [],
"crc32": "FBD107E5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/c9d28800e740a156_unacev2.dll",
"ssdeep": null,
"size": 77312,
"sha512": "32b22966ecec433636f927dc7b27cf782271b36169a9fdd50aa99a4d8cf14496ac3948a3747b7b7680d2d472f6af714e640b05c29194e8f2db92b21619b09c11",
"pids": [
1424
],
"md5": "de02c4d04088b69e64ecc30a3d9e22e5"
},
{
"yara": [],
"sha1": "363c569f98225d510deab6ff8d548d2f7d12bcd6",
"name": "0f46b46e727292eb_ace.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "0f46b46e727292eba3ba362bcadef37c285eb6d4366a4bcb8ddc2ca7951cad21",
"urls": [],
"crc32": "56836591",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/0f46b46e727292eb_ace.fmt",
"ssdeep": null,
"size": 56832,
"sha512": "9786ba11f12078bb4300d49c7d9e4fcb64eeda0ec11ccef9d78dd36c454488994d7c87c2ef0142e53e996f67b8fbb4111b208bcb0562941ac252c0400d1c103c",
"pids": [
1424
],
"md5": "c2b3e1d610ca6499ad1bf1c8e71adb0a"
},
{
"yara": [],
"sha1": "1643a8155913dfc2719d143c57c5f208cd3f1cfb",
"name": "f368140e6b58026f_z.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "f368140e6b58026ff314c6448a0584f76801f431b213a1efaff77cafe10d10d8",
"urls": [],
"crc32": "8E882473",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/f368140e6b58026f_z.fmt",
"ssdeep": null,
"size": 59392,
"sha512": "1b93e4abf5a0a8fee5cd8a85260f02bb61e769becc946e86124293b33aaf10fc87474f09afcc6332911ae624e12c917b1e252311b300925c254e3e13eb228fea",
"pids": [
1424
],
"md5": "7230d7f581cef4b832845accd36bfb18"
},
{
"yara": [],
"sha1": "ca608371054ef9702b547947e37c2d6e39c95632",
"name": "40a5a0ccff4d048d_wincon.sfx",
"filepath": "C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"type": "PE32 executable (console) Intel 80386, for MS Windows",
"sha256": "40a5a0ccff4d048d1919783b1a582b0520906c6ac12672cfc587ad492bc4da58",
"urls": [],
"crc32": "122023EC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/40a5a0ccff4d048d_wincon.sfx",
"ssdeep": null,
"size": 81408,
"sha512": "26141e27efcea15ef4a891991580367cfd517eb0e74ed28603a0d3df167fd4e59d956cf341ffae34753bbdd2be9c0324c1c4646bd0104116bd6c467889ce03c0",
"pids": [
1424
],
"md5": "4c1d7f356b7dab5b2461ae8cd0b774c6"
},
{
"yara": [],
"sha1": "e2b525e01a20f007edfc50935dd1493a9079270a",
"name": "51ec7784fb86bdef_unrarsrc.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "51ec7784fb86bdefa3e50395dc6943a83f3be6636e0043a4bebb626777051cca",
"urls": [],
"crc32": "A20CCEC8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/51ec7784fb86bdef_unrarsrc.txt",
"ssdeep": null,
"size": 90,
"sha512": "ebe20f0830d7d44b3c54f1fadb5c89e033ee1467696521b77597631b73420d06add0cd61c0da7e06f10f549cf46bb3ebe1ddda58fa47452ef32fe5906c0bd091",
"pids": [
1424
],
"md5": "c16bb921c05af38382f946386224b1ec"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "dc09919eb0a71cfb08160d02aaa11c079be76648",
"name": "bd740bffa0620819_console rar manual.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Mon Jun 2 22:19:56 2008, length=72962, window=hide",
"sha256": "bd740bffa0620819e3575f69d01a6b054a2370925f075617e5f993acbc997c63",
"urls": [],
"crc32": "4042551E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/bd740bffa0620819_console rar manual.lnk",
"ssdeep": null,
"size": 1004,
"sha512": "82bc53c9373befc5f307cf78b466d75d3bd09d24439941d9914d71b6bad1463762dd172e0eb892f0261cc544744101fa0140bbf9d7b8b0978bc667c2add42ec3",
"pids": [
2844
],
"md5": "dcd731b30be2baa3fe8a9ccc737318c6"
},
{
"yara": [],
"sha1": "71044601cb7eaada762d34448c531c0d2fa3d8aa",
"name": "1e1c69a3e90c0b23_gz.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "1e1c69a3e90c0b23b39b7a574b5a0f2ce59c79356ac2dc01f058cf0731c0d96b",
"urls": [],
"crc32": "767778FB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/1e1c69a3e90c0b23_gz.fmt",
"ssdeep": null,
"size": 64000,
"sha512": "826b971eec42e755c6d8feac9db6eeb97c318de312eed2b970f0bbba90e06df4e5e92a8d052bec4a74755b0dd7ced71b54d3713df8c66f1536f1750acd24b10c",
"pids": [
1424
],
"md5": "011b577685dbb23d2f39d94c4ae7859a"
},
{
"yara": [],
"sha1": "c47a37416ac19089e8cbfd1b7bfc397d3f51fc51",
"name": "88b1f1f7cbf71d53_uninstall.exe",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "88b1f1f7cbf71d539908a91359264cc7a78f786db33447af5b0bd35f33f82833",
"urls": [],
"crc32": "037DCACD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/88b1f1f7cbf71d53_uninstall.exe",
"ssdeep": null,
"size": 100864,
"sha512": "c0bf182c80a715602674f2771bfea4af2ff31182d0dcbce1f9fd70a829134eb2226e6614e9b40a3f33646e499f421ed6e5157f0fd1b8418f4430496e3ef4c2ff",
"pids": [
1424
],
"md5": "3e20c4b85982e3cbd7655659a6800fc7"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "64d353bfaf832f10660e212406cadee3d434eb4c",
"name": "1494075a6c51831c_winrar help.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Wed Sep 17 03:18:12 2008, length=254538, window=hide",
"sha256": "1494075a6c51831cc138f2b034e26dd01195439c942dc69639a699af220b565d",
"urls": [],
"crc32": "557FFB4C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/1494075a6c51831c_winrar help.lnk",
"ssdeep": null,
"size": 1041,
"sha512": "197da681f69e6647075f3f1b4f7dd9ca11eedcb641a07459debb5e5193e0b4cdadfe930cf72304813ba802dcc9631be7962604a679cbb63ab7a849ac91d159cd",
"pids": [
2844
],
"md5": "ed02035b638806c09b69f8db06f29d92"
},
{
"yara": [],
"sha1": "a675a344c41182613832dedbe85267a1ffc948df",
"name": "7f2fea191904b0e8_rar.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "7f2fea191904b0e82bd12062e8a82ad03d1bee257e44b4c1d4debe58ba3c67d5",
"urls": [],
"crc32": "D235E54B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/7f2fea191904b0e8_rar.txt",
"ssdeep": null,
"size": 72962,
"sha512": "f87bdc3526794622c540c8052ac46f10b62c0b3e31021a777c884ba66e068c494d5fb1da63ca0ae860c5be45af2cd5c0e7611b3c0bcaf87a84620432f5165277",
"pids": [
1424
],
"md5": "c899f5d4a8bb692e18e0bd0e5663e398"
},
{
"yara": [],
"sha1": "39abca4f0e2093156fd1cef7e2784a180ea7c87f",
"name": "1156d2f7fbfe78d7_zip.sfx",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "1156d2f7fbfe78d740088822e14e991478435c9f6c6e0ee1c24ea84d255665b1",
"urls": [],
"crc32": "DF99DD65",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/1156d2f7fbfe78d7_zip.sfx",
"ssdeep": null,
"size": 68096,
"sha512": "e568040a4482007ad05e5142638f565f4332166e19eb13d277b76e6e2f4451961759b89b15e4bcd0151b5eab51524eb8fbe8064f270efe1f10aa18e2ae445ab1",
"pids": [
1424
],
"md5": "fe352f539e2b5134567ece8e4f5bfd36"
},
{
"yara": [],
"sha1": "eb767de79732e94769d146ddd70dbd94db390ab5",
"name": "510929488b7ef382_rarreg.key",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"type": "ASCII text, with CRLF line terminators",
"sha256": "510929488b7ef3827fde8860369cd867b2b02d48c7e4bbb86db48eb833bcee4a",
"urls": [],
"crc32": "3D450E7E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/510929488b7ef382_rarreg.key",
"ssdeep": null,
"size": 509,
"sha512": "45a0b54bbd5281a9e392aa051c5e601e015496da4f4c5aef841e9eb10bbee03dbec88f3d6c901f29f5962fb05cd16efdd7cb19fa6bd99718a6e57cf77b8af83e",
"pids": [
1512
],
"md5": "a508f08707b56a83b2e17c88694cf9f6"
},
{
"yara": [],
"sha1": "f11979641099b87d490554ef148f8ac1a6637131",
"name": "4dc0d704e544b63b_rar.exe",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"type": "PE32 executable (console) Intel 80386, for MS Windows",
"sha256": "4dc0d704e544b63bf5f7003c69809a1bd7b83693fba445c9fed07561181c9740",
"urls": [],
"crc32": "B303F776",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/4dc0d704e544b63b_rar.exe",
"ssdeep": null,
"size": 323072,
"sha512": "4929f2864c3987dfdb29a50babf0c4dbc52862f9ed392919d7122eff8842df6f8f2ea72b99ce648f51d75f79fedd8599d54afea614faa7419eb93716a8b61785",
"pids": [
1424
],
"md5": "073ad45909545c33219fb92a0cbc5d41"
},
{
"yara": [],
"sha1": "1386e0acd0480179065fc679d0edf24a128e30ab",
"name": "70a0a0418f9ee879_install.exe",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "70a0a0418f9ee879cbac438938d5bcbc3700d73dc1ec51fe3dd29f65938cc171",
"urls": [
"http:\/\/www.abyssmedia.com"
],
"crc32": "9E175786",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/70a0a0418f9ee879_install.exe",
"ssdeep": null,
"size": 149662,
"sha512": "40a5423f24bf9531bab9301f88eed4ebcfff24952f78a91e64a3139fba8e5f7a64fd40daaf08a456a38d2836849aba50938a3f3cb75dc1c34dd13f709a1b7c85",
"pids": [
1512
],
"md5": "3ea5438806c3ca903f7d66f2bcab7c21"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "65169dd38288352fdb6bd6d50baba65659c1d7fc",
"name": "e41822ba2baa46a4_console rar manual.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Mon Jun 2 22:19:56 2008, length=72962, window=hide",
"sha256": "e41822ba2baa46a44c9bf54c6e6c4c80ddba8fd5ffecd99a0d0ac5add7b6a972",
"urls": [],
"crc32": "C161F022",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/e41822ba2baa46a4_console rar manual.lnk",
"ssdeep": null,
"size": 1022,
"sha512": "f094d108aca5fb2bf9006cc458f802cbab8fc288f88baf2b8c517bd386d6f5f388de3f8bfade436524e1a16f415e0a94ee3dabe3577c9477ad9f3e7997cfaa23",
"pids": [
2844
],
"md5": "49e0edaa259db6e6146ee7f478ecbd29"
},
{
"yara": [],
"sha1": "9420f277309dfc012f76168f50a26c505937ab3e",
"name": "b4f5a4bef4ffc304_file_id.diz",
"filepath": "C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"type": "ASCII text, with CRLF, LF line terminators",
"sha256": "b4f5a4bef4ffc3043e2226a7104a3d3292fbb9213dc0c61d8afe090fadf63725",
"urls": [],
"crc32": "C5FE0944",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/b4f5a4bef4ffc304_file_id.diz",
"ssdeep": null,
"size": 502,
"sha512": "e47d7164132fffc3dc5e5b98f7e869353aa1d45ffea483119fed5a79a7a4ae288ef56a32980dcb725d8a72598af7e74ce05e01f7e090e5013cd47b4816d14bcf",
"pids": [
1424
],
"md5": "c764040bda6a3183a5898f88b0434ca4"
},
{
"yara": [],
"sha1": "18629208273779dfa28472d5da28542b69b4dfd2",
"name": "30cbdc8b7afd4e07_rarnew.dat",
"filepath": "C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"type": "RAR archive data,",
"sha256": "30cbdc8b7afd4e079e93f1666220080b31a9b177f4d94ddcc1e5555fb8821f41",
"urls": [],
"crc32": "EAEAB33A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/30cbdc8b7afd4e07_rarnew.dat",
"ssdeep": null,
"size": 20,
"sha512": "f7dc9796341490b53d6a44eda6ec9e2644ab40959177db1d28682a28460747eefda3a9fc0b7d496e15d745e518e98d541078bd61a9517ff3264e304852206962",
"pids": [
2844
],
"md5": "ad08fe53a5e484ea568d60544ef3f05c"
},
{
"yara": [],
"sha1": "22c66046f921429a8b58a617e8edaf387a408443",
"name": "477fe2d57f9559db_cab.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "477fe2d57f9559dbc3f97ff4e6e8634faee13a620c1807d9ba93ac8410bc0234",
"urls": [],
"crc32": "CB7901DA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/477fe2d57f9559db_cab.fmt",
"ssdeep": null,
"size": 51200,
"sha512": "de3316d1081a1995e2fa2de631e3143d05d19867ce8134d7e626091a2d85be661d8c3136e8a4838ff97f809860f6fde2b8b81f34b26261ed86994fd09718cb82",
"pids": [
1424
],
"md5": "060f196677e5b099f3df3447bc751d07"
},
{
"yara": [],
"sha1": "185615223d79b7fba4a6b206696361d167e8855d",
"name": "e753912e3d23d72c_rarext64.dll",
"filepath": "C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"sha256": "e753912e3d23d72cc324ee65685a401cccf670645e4301177fa0d0699770fb53",
"urls": [],
"crc32": "34C94B45",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/e753912e3d23d72c_rarext64.dll",
"ssdeep": null,
"size": 62464,
"sha512": "9b906d080cc40ac1d622c4fbe3ad860e41b84321739dc952ef8e131411008d61ee8913cd0dfeaf30ea6aa4db9a32eae5cc3f7b1012e7ecf3206249bba66ca39e",
"pids": [
1424
],
"md5": "0392c4fce14e23040b5ace69672a03bd"
},
{
"yara": [],
"sha1": "51a2a8d9b93c3d29d019c54142a9b427f77494d7",
"name": "dd20f4ba20fcfbd3_uninstall.lst",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"type": "ASCII text, with CRLF line terminators",
"sha256": "dd20f4ba20fcfbd3015503796e1befbe8f79ab9197fe58021cad10f939e8e91f",
"urls": [],
"crc32": "D28CEA7C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/dd20f4ba20fcfbd3_uninstall.lst",
"ssdeep": null,
"size": 639,
"sha512": "2d430c28bbc40c547a845c05306a644ee11c002b25a21ea5bd24e349ee0195ed97f4307466b3885045b7d376d37b9234942e3c960ecfa4d02b5453d805490481",
"pids": [
1424
],
"md5": "a85e009b4bb2982912d5e589938f6cd6"
},
{
"yara": [],
"sha1": "b04f3ee8f5e43fa3b162981b50bb72fe1acabb33",
"name": "8739c76e681f9009_zipnew.dat",
"filepath": "C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"type": "Zip archive data (empty)",
"sha256": "8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85",
"urls": [],
"crc32": "D7CBC50E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/8739c76e681f9009_zipnew.dat",
"ssdeep": null,
"size": 22,
"sha512": "5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f",
"pids": [
2844
],
"md5": "76cdb2bad9582d23c1f6f4d868218d6c"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "13b5fb9315b3410568b7dbd2dd40619abcb348ed",
"name": "803399c2dcc807c7_winrar help.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Wed Sep 17 03:18:12 2008, length=254538, window=hide",
"sha256": "803399c2dcc807c7e1fae12ff469167985bb2db2f0e9911f81a2ae73aa480597",
"urls": [],
"crc32": "8119527B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/803399c2dcc807c7_winrar help.lnk",
"ssdeep": null,
"size": 1023,
"sha512": "8f6606f8630f34876524c0b8060bcde9ac00241e57593fc120f4dfefe062126091030a43da01bb00eff53405f1c8128689ad31bfa5b4bbd1670cc75344bbd8a8",
"pids": [
2844
],
"md5": "951c2e20f1ee9e3ebb9e02d70c4c605f"
},
{
"yara": [],
"sha1": "57f3a134f99940a40271fb7a515fe1c240d10782",
"name": "d14331009d9d5677_license.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\License.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "d14331009d9d56774bd2384f1e2abeda9fa460dbda5de082bd4d6c186fe2b6da",
"urls": [],
"crc32": "45E1EBB2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/d14331009d9d5677_license.txt",
"ssdeep": null,
"size": 6428,
"sha512": "46dd223fc76acb3d71f598f50c3a0d67e310ba7076126e114b9d85a6964a6525b3394826874aa72d9fcf1d2515cd3ffc6dcda81663c187245b9e96f2ba0052e8",
"pids": [
1424
],
"md5": "62037ef975f0100ac52c9922bca52934"
},
{
"yara": [],
"sha1": "1ba1d6d6a3d66cf9472df63434ec7ca17ac3d951",
"name": "c075e812f293f1dc_winrar.exe",
"filepath": "C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "c075e812f293f1dcfce5dc4f8bcf3cd42f8a526deb9251c9af27726a85e969e2",
"urls": [],
"crc32": "8B63108F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/c075e812f293f1dc_winrar.exe",
"ssdeep": null,
"size": 968704,
"sha512": "13660b8060c0cbd3fe7c7eb6677c058266e8a8658dd66a01c01300f75bb3cd14abf0f97375b3a1242904954255e1639bd6f2d0cace51899eac5ac9bea88ea16e",
"pids": [
1424
],
"md5": "1191d84c20f70bb4d84ae689e3e57f07"
},
{
"yara": [],
"sha1": "296edf96a038e476ef8b6151d02ccceefe2b04d9",
"name": "98d476c635777d3c_rarext.dll",
"filepath": "C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "98d476c635777d3c3ddb2620bb6cf2ac6b847297ce6d038601498b4ee3afa632",
"urls": [],
"crc32": "C9FD55A1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/98d476c635777d3c_rarext.dll",
"ssdeep": null,
"size": 132608,
"sha512": "4b6023b9fb852093ff1f033319bd4777741ba2522056fb702266c0aa67225a5c5645f92d5387d533136131331ee6e31ca7996ed25561489b312408034902623c",
"pids": [
1424
],
"md5": "f11fe030158f8ef14a56a3ea9e9bd47d"
},
{
"yara": [],
"sha1": "ca76a20a781fc41712c84b413952460ddbcd7866",
"name": "4c0a4aabbe034efd_lzh.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "4c0a4aabbe034efd70236f4e7306a9b0c5cfc39e40d176d5954b28c706f29e82",
"urls": [],
"crc32": "BF87FFFF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/4c0a4aabbe034efd_lzh.fmt",
"ssdeep": null,
"size": 58368,
"sha512": "4fa9181351b598743b730b455845eadeb4fc0838d08d9d3a97361976e68f751f9a344ad182d3ed12c4c127bd6065573e13067ecee9f2af231f56e5788da803e6",
"pids": [
1424
],
"md5": "e63646f82ffbb3433df965421337b506"
},
{
"yara": [],
"sha1": "a0d57e6b050fbef7a2cc3806ce7a3d2b4913504c",
"name": "ae744d01816283d2_bz2.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "ae744d01816283d2c9d4bcdd2cd62a3aed60b8af09844bb54819729638e948b9",
"urls": [],
"crc32": "3E175C53",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/ae744d01816283d2_bz2.fmt",
"ssdeep": null,
"size": 74752,
"sha512": "dbe63cc43d5abc0e60a3fdf05eb5904ff8e5fc7e74d856e410bd4f3755d8f10ef0f22dfff2a43c7bb1b40ecce47a2585f75ba7fb7e8dfb81b6de83f9282d63d7",
"pids": [
1424
],
"md5": "98c6f0eeb717dbda5f419faa28f0fcf5"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "6cb08524eec27cc452ab3f40fc576cef5ab2771b",
"name": "242f6c2ea2913b91_winrar.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Wed Sep 17 03:17:12 2008, length=968704, window=hide",
"sha256": "242f6c2ea2913b91f1c7dc1c12f1b893e788bb5e3caccf36e6314d68e21e40d6",
"urls": [],
"crc32": "3CB2CC38",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/242f6c2ea2913b91_winrar.lnk",
"ssdeep": null,
"size": 1041,
"sha512": "398a54c2a342e68587b26c13bac6ff90584e1cb3e77e17add3725764d1f93386e1e1899e1716d8f264478faf3876c69c3528a66c7658f89e8ae2f314a6625b0f",
"pids": [
2844
],
"md5": "40245b1ad643be85d62d966d15a043e6"
},
{
"yara": [],
"sha1": "4eb4f10e151e4170160f329867f7a2c21e672ed9",
"name": "12756b2b2dd79550_whatsnew.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "12756b2b2dd79550f8f4da845279540ec646259d896559d582bb95e69997562f",
"urls": [],
"crc32": "223AE8BD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/12756b2b2dd79550_whatsnew.txt",
"ssdeep": null,
"size": 11234,
"sha512": "0d1c47dd06aabd0c507eddef9d6c848e166fb0524d78979c7be0da218514b385a82b5d80042300a4d623dde6f795e22e0dc2d2d9274588b32904e2d0c9ab6238",
"pids": [
1424
],
"md5": "cbd2b85ba896028512533194c9127e10"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14___tmp_rar_sfx_access_check_33696906",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/e3b0c44298fc1c14___tmp_rar_sfx_access_check_33696906",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "7d432c4ab3647b4d9666da4393c8e9bfc37e24ab",
"name": "f1679f66bbecd746_wrar380.exe",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "f1679f66bbecd746f00e855f8f65a745f4c93c95dedad85f5e9674a4355be25b",
"urls": [],
"crc32": "F70840BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/f1679f66bbecd746_wrar380.exe",
"ssdeep": null,
"size": 1234120,
"sha512": "787dc3ffcbe311d76970d89f047ac9543f6d9e76a8e71eb89fa76d8fe971572a317fc924cf57bfc3d1c840edb33b735aa6efec9b4508f4b85997446aacdba15d",
"pids": [
1512
],
"md5": "7e8d59d3c0893730a9a590db51c6d052"
},
{
"yara": [],
"sha1": "7ef21e641b5c40703e75c86cf1214aee9cec4566",
"name": "3cac074e2eddf5b6_descript.ion",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"type": "ASCII text, with CRLF line terminators",
"sha256": "3cac074e2eddf5b66d300c7416f6a18b43549453e36a191c31f5d64722f828ef",
"urls": [],
"crc32": "9E1DF3BE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/3cac074e2eddf5b6_descript.ion",
"ssdeep": null,
"size": 1063,
"sha512": "95f5c664a22cb53c75264d34c3bb185749d8e8dd6e760b6eb4b593461c04930bf524574ba273e87a4b75997a45a597f43b4994f6cbda0580b1f5a8d9ebe64ec2",
"pids": [
1424
],
"md5": "b63259e35240a56947ac7d8b9e720ea0"
},
{
"yara": [],
"sha1": "ffd21abc1c43b82d913b80384bb2fc26a9a60729",
"name": "72786c107f1ec0d3_tar.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "72786c107f1ec0d37b57fc141479be39178977dcc5b0d5517a2016bc54c903cc",
"urls": [],
"crc32": "E8914E04",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/72786c107f1ec0d3_tar.fmt",
"ssdeep": null,
"size": 55296,
"sha512": "3d12ed1687c95abc34f32997505bae8b6b31ae530112813ad47b3173cc0d67b4ac44e1d929b171b2d2c016bc929e4e3d368505fc733bf565af01f6411430a832",
"pids": [
1424
],
"md5": "fcfc2c0a30f92bcb2963ff9745afa5ab"
},
{
"yara": [],
"sha1": "26a7fbf32f618ee3d6e66bf9c9ecb304cfe53456",
"name": "41e8a2b2a7355fec_arj.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "41e8a2b2a7355fec37f3797960d1c207e4afbf3d11d1a2f0c21c8a9a94a9b3e7",
"urls": [],
"crc32": "580062C9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/41e8a2b2a7355fec_arj.fmt",
"ssdeep": null,
"size": 53248,
"sha512": "c63cf2951ce85ebb8fb71d36f2732ab4e0b7bd89d58df6ce5c1467a06f7a972deccfe094741aec73b57b7b691b6c9e0bddfd1b7ea5c0dbd0febace8f59ef64c8",
"pids": [
1424
],
"md5": "6aa042e75e676c421d9bfcbe5baa171f"
},
{
"yara": [],
"sha1": "2574444ff72481119e65e618d318533a81c523fc",
"name": "1e7ba47b36cfc1a5_rarextloader.exe",
"filepath": "C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "1e7ba47b36cfc1a5347ee9029e0dd8d5f24ce906d65972b8b015227183ee2b3b",
"urls": [],
"crc32": "05F640CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/1e7ba47b36cfc1a5_rarextloader.exe",
"ssdeep": null,
"size": 44032,
"sha512": "1e512dbb8c638ecd24c83a4e6f0bc94b09638bab6cb2065dd3801e870fb494d4124729c6fc5fae559429dba282d95ae130c5e52aa8aa27d33f521d1b2d93c589",
"pids": [
1424
],
"md5": "30108227f4b8533fa3955306747f93f4"
},
{
"yara": [],
"sha1": "55a03eb940b5d2159b5ab62c3f6be066424e8686",
"name": "f3af7eed8a943311_7zxa.dll",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "f3af7eed8a943311eac8536c3e7591f18571051694bc031d1a30e38793611fa0",
"urls": [],
"crc32": "23EDFD3E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/f3af7eed8a943311_7zxa.dll",
"ssdeep": null,
"size": 163328,
"sha512": "f4fc8685a09a6d0a248d25ef2f0851dfafa595ec98e76b5b2059bc93a7705333ddc5aae9a93f79f3cb6ebf6d51aa24dec0ea7fff86ae3098a12d0199da2014d6",
"pids": [
1424
],
"md5": "71fd74df7bf558f85462c60a40b4ac92"
},
{
"yara": [],
"sha1": "3d16a4b7cbd6ac44cfdb25a1f50c56828fd53255",
"name": "a1d7fea377f2622e_7z.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "a1d7fea377f2622e6345e5446a6d1eecddc89c15a93ddacb9be24fd900c9a88c",
"urls": [],
"crc32": "9CE2BA90",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/a1d7fea377f2622e_7z.fmt",
"ssdeep": null,
"size": 89088,
"sha512": "82c364b28f12f0b835b5a978d9814d56ccc0b1c5e05d0c9cd6ddabb017cf1854883a27427a81258b8517bea6f938516ea0df240b629a3dbc4d035c6c2aa002a0",
"pids": [
1424
],
"md5": "0977e124c0054bb0c1c710a0cfa21a42"
},
{
"yara": [],
"sha1": "03a93e4bcf33f9e860013d1bdcb5873ea4a30574",
"name": "886b9b4ad0076e54_uue.fmt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "886b9b4ad0076e543722757f576345b87520042f14457a738b4bfaec77792ab5",
"urls": [],
"crc32": "B52A126B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/886b9b4ad0076e54_uue.fmt",
"ssdeep": null,
"size": 48128,
"sha512": "2f388b171ddb75f4ac079150bb73cc65c1133f59e9f2b220abaf4076d213143f231a1ddc01504952ee20c77380780a9ab1da0bc1055990c4969134fdaca991b3",
"pids": [
1424
],
"md5": "e33ff0c8d104f0ee4aa5977152e7e256"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "085631f889ee66b3eaadd1d0b586ed17a10d1b04",
"name": "62cf4c07e82acac4_winrar.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Jan 4 01:53:07 2020, mtime=Sat Jan 4 01:53:07 2020, atime=Wed Sep 17 03:17:12 2008, length=968704, window=hide",
"sha256": "62cf4c07e82acac445c11f8c577108a3e563f2479f5f26edf87a0fef04110ef1",
"urls": [],
"crc32": "6E9C70A8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/62cf4c07e82acac4_winrar.lnk",
"ssdeep": null,
"size": 1023,
"sha512": "1089a9c9906a425b2fe02d4d9478b6e602a3f75a239362a031eedf5a313fa8594e7c15255f5ead1f34c4acbf0c37b2f4a77412905d5f178bde4a9fc6a1496cce",
"pids": [
2844
],
"md5": "3020a9d535515d50757a5b6f0408efd4"
},
{
"yara": [],
"sha1": "7acf566e8637a83139ed2ee29261d993d3df80e4",
"name": "121c5fc576e56c44_unrar.exe",
"filepath": "C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"type": "PE32 executable (console) Intel 80386, for MS Windows",
"sha256": "121c5fc576e56c440deb8b583ebc941a047cb92c2cb761afcb61bb0162a56ec8",
"urls": [],
"crc32": "BBBCC10B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/121c5fc576e56c44_unrar.exe",
"ssdeep": null,
"size": 204800,
"sha512": "c1a3a0e7de283f6554525883bebfabd3c7ea7f9102c0047fa3f37751d7ee692b5e816b0e29107dbdaf8b1766addab6b359f20e698623a4c26397c93693d281c4",
"pids": [
1424
],
"md5": "b836ba4579de0fadd1142cc47a3af756"
},
{
"yara": [],
"sha1": "e5f1eb91dfa276e4659f93cf4bf0372e81086707",
"name": "639df9ff7708d46b_technote.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\TechNote.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "639df9ff7708d46bac5a3b51d237379ab569e751de334c9e3dcc9738706efeda",
"urls": [],
"crc32": "375266BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/639df9ff7708d46b_technote.txt",
"ssdeep": null,
"size": 9232,
"sha512": "aeff97f20d18a37694151c556ce2e9bfd322f0977047d2620272dfba357f88bb77a3463ddda6dd3f3611f4af5cbbc68b5d54c1be346d2a668a7bcf7089700b96",
"pids": [
1424
],
"md5": "fc44fd46bd957036b8500a528c32e21e"
},
{
"yara": [],
"sha1": "43304d07209e2010e838ecd7f855fafdb83f3750",
"name": "cb5b689527604d05_order.htm",
"filepath": "C:\\Program Files (x86)\\WinRAR\\Order.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "cb5b689527604d058ceb6926ac496a40e416a7641b6f9c940ad930e8f16f303f",
"urls": [
"http:\/\/www.rarlab.com\/registration.php",
"http:\/\/www.rarlab.com"
],
"crc32": "F262A8A2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/cb5b689527604d05_order.htm",
"ssdeep": null,
"size": 3271,
"sha512": "e09d36554efd2608a31a93bc5c483b8f93fe8e5c7b5d6d5118e0859b16492cadc1c7e1634505c175dba50971f405283631555d88573558ec3006adbb30086319",
"pids": [
1424
],
"md5": "3458285036e0f1b8b5a66c4957028640"
},
{
"yara": [],
"sha1": "6d717d9125fa86240d99767815660122cbe3eedc",
"name": "5cc4e8f8579ae5d3_rarfiles.lst",
"filepath": "C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"type": "ASCII text, with CRLF line terminators",
"sha256": "5cc4e8f8579ae5d3d6c9c592eed11d0a7a0fd1f20d371908eeaa88414000b4a6",
"urls": [],
"crc32": "D659A8B2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/5cc4e8f8579ae5d3_rarfiles.lst",
"ssdeep": null,
"size": 1088,
"sha512": "733f3d87c4e4241b30f5363b9c97bd3f1074c83e206835eeb1eda72eacc3432fae1aef55e2d63680804b32ea7cce3a5656c339734f8fc084f1cbdeb85b4e40b9",
"pids": [
1424
],
"md5": "af5604ff198e4b40af78f9b71b649af7"
},
{
"yara": [],
"sha1": "95c53f41f06d481f8920a391d7604509e4dcafc6",
"name": "76ced1488a510bc1_readme.txt",
"filepath": "C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "76ced1488a510bc14843bb8dab4694bb5ec2a62e411636dbe0cf0b21a64b29f2",
"urls": [],
"crc32": "43DFB3B5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4759\/files\/76ced1488a510bc1_readme.txt",
"ssdeep": null,
"size": 1687,
"sha512": "5de7d0c1d22e43ee8b880a42a5dab538674a0e78b9b0e3c08705594931e91d337ba9cfcfdbe728d0eed134290e9695f3b1830c30e5edaeb9dde05fe2999bcb92",
"pids": [
1424
],
"md5": "383cb29e528feaeac24d9cfa539d1a18"
}
]Generic
[
{
"process_path": "C:\\Windows\\SysWOW64\\xcopy.exe",
"process_name": "xcopy.exe",
"pid": 2928,
"summary": {
"file_recreated": [
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
],
"file_opened": [
"C:\\Windows\\System32\\en-US\\ulib.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
],
"file_written": [
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
],
"file_exists": [
"C:",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileOverlappedCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileChunkSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileBufferedSynchronousIo"
],
"directory_enumerated": [
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\*.*",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
]
},
"first_seen": 1578110003.421,
"ppid": 2584
},
{
"process_path": "C:\\Program Files (x86)\\WinRAR\\uninstall.exe",
"process_name": "uninstall.exe",
"pid": 2844,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r29\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r19\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r09\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.taz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r22\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\RegisteredApplications\\WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\ShellNew\\FileName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r16\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tbz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\ShellNew\\FileName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\DisplayName",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\NoModify",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r03\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r02\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r20\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.uu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.bz2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\ContextMenuHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uu\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lzh\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r18\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.lha",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.iso\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r15\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\ApplicationDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.7z",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lha\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.xxe",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WRTE.Document.1\\UID\\Frame13",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.rar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r24\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r27\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r04\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.z",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r01\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.lzh",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.zip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r11\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r07\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r10\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\StartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\ShellExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r26\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.xxe\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r00\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\DropHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe\\Path",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links\\Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r13\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.7z\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r28\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.jar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\WinRAR32\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.cab",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.uue",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tgz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r17\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.bz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\ContextMenuHandlers\\WinRAR\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu\\Content",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.arj\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2\\Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.iso",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.taz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r25\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\CascadedMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r08\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r05\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r14\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\DropHandler\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz\\Exist",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha\\Content",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ace\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\WinRAR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rev\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\NoRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\MenuIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r06\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar\\Set",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.ace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.gz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.arj",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uue\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.REV\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r23\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WinRAR.ZIP\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r12\\(Default)",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z\\Set",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r21\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver\\DisplayIcon",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar\\Exist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\WinRAR\\Capabilities\\FileAssociations\\.tbz2",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar\\ShellNew"
],
"dll_loaded": [
"SHLWAPI.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"profapi.dll",
"PROPSYS.dll",
"riched32.dll",
"LINKINFO.dll",
"srvcli.dll",
"dwmapi.dll",
"kernel32.dll",
"UxTheme.dll",
"netutils.dll",
"OLEAUT32.dll",
"C:\\Windows\\system32\\ole32.dll",
"C:\\Program Files (x86)\\WinRAR\\rarlng.dll",
"comctl32",
"ole32.dll",
"SETUPAPI.dll",
"ntshrui.dll",
"slc.dll",
"USER32.dll",
"comctl32.dll"
],
"file_failed": [
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\Public\\Desktop\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\uninstall.lng",
"C:\\Users\\cuck\\Desktop\\WinRAR.lnk"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\rarreg.key"
]
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz2",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.arj",
"HKEY_CLASSES_ROOT\\WinRAR.REV\\DefaultIcon",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_CLASSES_ROOT\\.r09",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\.r07",
"HKEY_CLASSES_ROOT\\.r06",
"HKEY_CLASSES_ROOT\\.r05",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.r03",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_CLASSES_ROOT\\.r01",
"HKEY_CLASSES_ROOT\\.r00",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.xxe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_CLASSES_ROOT\\.txt\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\WinRAR\\Capabilities",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.zip\\ShellNew",
"HKEY_CLASSES_ROOT\\.z\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.iso",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_CLASSES_ROOT\\WRTE.Document.1\\UID",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\.taz\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CLASSES_ROOT\\.taz",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CLASSES_ROOT\\.gz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.7z",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\(Default)",
"HKEY_CLASSES_ROOT\\.tar",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CLASSES_ROOT\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\.7z\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_CLASSES_ROOT\\*\\shellex\\ContextMenuHandlers\\WinRAR",
"HKEY_CLASSES_ROOT\\chm.file",
"HKEY_CLASSES_ROOT\\.chm\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CLASSES_ROOT\\WinRAR\\DefaultIcon",
"HKEY_CLASSES_ROOT\\.cab\\ShellNew",
"HKEY_CLASSES_ROOT\\.tbz\\ShellNew",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.chm",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.bz",
"HKEY_CLASSES_ROOT\\WinRAR\\shell\\open\\command",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.ace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_CLASSES_ROOT\\.uu\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\RegisteredApplications",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.zip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.z",
"HKEY_CLASSES_ROOT\\.r08",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\CurVer",
"HKEY_CLASSES_ROOT\\.uue\\ShellNew",
"HKEY_CLASSES_ROOT\\.tbz2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\.r04",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.chm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\uninstall.exe",
"HKEY_CLASSES_ROOT\\.rev",
"HKEY_CLASSES_ROOT\\.r02",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\text",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_CLASSES_ROOT\\.gz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.lha",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_CLASSES_ROOT\\.chm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.cab",
"HKEY_CLASSES_ROOT\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uu",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.taz",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CLASSES_ROOT\\.rar\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tar",
"HKEY_CLASSES_ROOT\\.r10",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\.xxe\\ShellNew",
"HKEY_CLASSES_ROOT\\*\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\.r12",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.r14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"HKEY_CLASSES_ROOT\\exefile\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\PropertySheetHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\DefaultIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_CLASSES_ROOT\\.ace\\ShellNew",
"HKEY_CLASSES_ROOT\\.arj",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_CLASSES_ROOT\\.jar\\ShellNew",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.lha\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.cab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\Clsid",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.gz",
"HKEY_CLASSES_ROOT\\Folder\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\WinRAR.exe",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CLASSES_ROOT\\.jar",
"HKEY_CLASSES_ROOT\\WinRAR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.zip",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tgz",
"HKEY_CLASSES_ROOT\\.uu",
"HKEY_LOCAL_MACHINE\\Software\\WinRAR\\Capabilities\\FileAssociations",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.rar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_CLASSES_ROOT\\.xxe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_CLASSES_ROOT\\.bz2",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.uue",
"HKEY_CLASSES_ROOT\\.rar",
"HKEY_CLASSES_ROOT\\WinRAR.REV",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.bz2",
"HKEY_CLASSES_ROOT\\.tbz",
"HKEY_CLASSES_ROOT\\.lzh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinRAR archiver",
"HKEY_CLASSES_ROOT\\exefile",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lha",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\DragDropHandlers\\WinRAR32",
"HKEY_CLASSES_ROOT\\WinRAR.REV\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\DragDropHandlers\\WinRAR",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\UserChoice",
"HKEY_CLASSES_ROOT\\.7z",
"HKEY_CLASSES_ROOT\\.bz2\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\uninstall.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\DropHandler",
"HKEY_CLASSES_ROOT\\.r25",
"HKEY_CLASSES_ROOT\\.r24",
"HKEY_CLASSES_ROOT\\.r27",
"HKEY_CLASSES_ROOT\\.r26",
"HKEY_CLASSES_ROOT\\.r21",
"HKEY_CLASSES_ROOT\\.r20",
"HKEY_CLASSES_ROOT\\.r23",
"HKEY_CLASSES_ROOT\\.r22",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.tbz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\DropHandler",
"HKEY_CLASSES_ROOT\\.r28",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\Links",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.r29",
"HKEY_CLASSES_ROOT\\.ace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_CLASSES_ROOT\\.bz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\txtfile",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.lzh",
"HKEY_CURRENT_USER\\Software\\WinRAR\\Setup\\.jar",
"HKEY_CLASSES_ROOT\\WinRAR.ZIP\\shellex\\ContextMenuHandlers\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}",
"HKEY_CLASSES_ROOT\\.r11",
"HKEY_CLASSES_ROOT\\CLSID\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\InProcServer32",
"HKEY_CLASSES_ROOT\\.r13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.r15",
"HKEY_CLASSES_ROOT\\.r16",
"HKEY_CLASSES_ROOT\\.r17",
"HKEY_CLASSES_ROOT\\.r18",
"HKEY_CLASSES_ROOT\\.r19",
"HKEY_CLASSES_ROOT\\.tgz",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\uninstall.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\Clsid",
"HKEY_CLASSES_ROOT\\.tbz2\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\CurVer",
"HKEY_CLASSES_ROOT\\.tgz\\ShellNew",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.chm\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.uue",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.tar\\ShellNew",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\ContextMenuHandlers\\WinRAR32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_CLASSES_ROOT\\.iso",
"HKEY_CLASSES_ROOT\\.arj\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\WinRAR\\shellex\\ContextMenuHandlers\\{B41DB860-64E4-11D2-9906-E49FADC173CA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.lzh\\ShellNew",
"HKEY_CLASSES_ROOT\\.z",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r19\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r18\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r29\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r22\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r25\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r08\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lha\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r04\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r00\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lzh\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r28\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r09\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r05\\Content Type",
"HKEY_CURRENT_USER\\Software\\WinRAR\\CLSID\\{DDF7D820-8355-11CF-B357-444553540000}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r16\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uu\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r11\\Content Type",
"HKEY_CLASSES_ROOT\\.zip\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r26\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r07\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r02\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r03\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.rar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.arj\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r23\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.xxe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.uue\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz2\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r20\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r21\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ace\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.taz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r13\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r17\\Content Type",
"HKEY_CLASSES_ROOT\\.rar\\ShellNew",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r27\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.7z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tbz2\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r12\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r24\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r01\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r06\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r10\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r15\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.r14\\Content Type"
],
"file_exists": [
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Program Files (x86)\\WinRAR\\rarnew.dat",
"C:\\Program Files (x86)\\WinRAR\\zipnew.dat",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk"
],
"file_opened": [
"C:\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Program Files (x86)\\WinRAR\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Program Files (x86)",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk"
],
"guid": [
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{000214f9-0000-0000-c000-000000000046}",
"{00021401-0000-0000-c000-000000000046}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{00000000-0000-0000-c000-000000000046}",
"{000214ee-0000-0000-c000-000000000046}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.iso\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tar\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NormalizeLinkNetPidls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cab\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.z\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.tgz\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
],
"directory_created": [
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR"
]
},
"first_seen": 1578109988.249125,
"ppid": 1424
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"process_name": "5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"pid": 1512,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\__tmp_rar_sfx_access_check_33696906",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat"
],
"directory_created": [
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEAUT32.DLL",
"comctl32",
"ole32.dll",
"IMM32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"riched32.dll",
"riched20.dll",
"netutils.dll",
"comctl32.dll",
"C:\\Windows\\system32\\shell32.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"COMCTL32.DLL"
],
"file_opened": [
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\Users\\desktop.ini",
"C:\\Windows\\win.ini",
"C:\\Windows\\System32\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\System32\\en-US\\ntshrui.dll.mui",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.bat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"HKEY_CLASSES_ROOT\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.key",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer",
"HKEY_CLASSES_ROOT\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32",
"HKEY_CLASSES_ROOT\\.key\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_CLASSES_ROOT\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\CopyHookHandlers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\Unknown",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bat",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
"HKEY_CLASSES_ROOT\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\ShellEx\\PropertyHandler",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.key\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\.key",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\PROFILELIST",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_CLASSES_ROOT\\.bat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"HKEY_CLASSES_ROOT\\.bat",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\exefile",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.key",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\UserChoice",
"HKEY_CLASSES_ROOT\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.key",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_CLASSES_ROOT\\batfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\CurVer"
],
"command_line": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe\" "
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\__tmp_rar_sfx_access_check_33696906",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0"
],
"file_exists": [
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.bat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\rarreg.key",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe"
],
"guid": [
"{49f371e1-8c5c-4d9c-9a3b-54a6827f513c}",
"{a4341687-7593-47aa-9554-4b0ffc8b2214}",
"{00000000-0000-0000-c000-000000000046}",
"{688c934d-0c26-40f6-8d29-d56d72c76b48}",
"{6311429e-2f1a-4777-880f-c7289fd10169}",
"{559b1911-d3af-486e-b8bc-242b24df0114}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}",
"{57ced8a7-3f4a-432c-9350-30f24483f74f}",
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}",
"{000214fc-0000-0000-c000-000000000046}",
"{72eb61e0-8672-4303-9175-f2e4c68b2e7c}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}"
],
"file_read": [
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\Users\\desktop.ini",
"C:\\Windows\\win.ini"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\DefaultSecurity\\SrvsvcDefaultShareInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing\\UsersShareName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\batfile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\DisableProcessIsolation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache"
],
"directory_enumerated": [
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06.bin",
"C:\\Windows\\System32\\*.*",
"C:\\Windows",
"C:\\Windows\\System32"
]
},
"first_seen": 1578109985.671875,
"ppid": 2892
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1578109985.3125,
"ppid": 376
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"process_name": "install.exe",
"pid": 1516,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat"
],
"dll_loaded": [
"kernel32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat"
],
"command_line": [
"cmd.exe \/c C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\AppData\\Local"
]
},
"first_seen": 1578109986.40625,
"ppid": 1512
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"process_name": "wrar380.exe",
"pid": 1424,
"summary": {
"file_created": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\__tmp_rar_sfx_access_check_33698140",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"directory_created": [
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\WinRAR\\Formats"
],
"dll_loaded": [
"SETUPAPI.dll",
"C:\\Windows\\system32\\shell32.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"riched32.dll",
"IMM32.dll",
"riched20.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"comctl32",
"ole32.dll",
"comctl32.dll",
"COMCTL32.DLL"
],
"file_opened": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\__tmp_rar_sfx_access_check_33698140",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Windows\\win.ini",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\wrar380.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\WinRAR SFX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete"
],
"command_line": [
"\"C:\\Program Files (x86)\\WinRAR\\uninstall.exe\" \/setup",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe \/setup"
],
"file_written": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"file_exists": [
"C:\\Program Files (x86)\\WinRAR\\Uninstall.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\WhatsNew.txt",
"C:\\Program Files (x86)\\WinRAR\\Uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\UnRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinCon.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Default.SFX",
"C:\\Program Files (x86)\\WinRAR\\RarExt.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\ReadMe.txt",
"C:\\Program Files (x86)\\WinRAR\\File_Id.diz",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExt64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe.exe",
"C:\\Program Files (x86)\\WinRAR\\Descript.ion",
"C:\\Program Files (x86)\\WinRAR\\UnrarSrc.txt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\UNACEV2.DLL",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Rar.exe",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Order.htm",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\uninstall.exe",
"C:\\Program Files (x86)\\WinRAR\\RarFiles.lst",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\License.txt",
"C:\\Program Files (x86)\\WinRAR\\Zip.SFX",
"C:\\Program Files (x86)\\WinRAR\\Formats",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Program Files (x86)\\WinRAR\\TechNote.txt"
],
"file_failed": [
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll"
],
"guid": [
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{00000000-0000-0000-c000-000000000046}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{03c036f1-a186-11d0-824a-00aa005b4383}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Windows\\win.ini"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey"
],
"directory_enumerated": [
"C:\\Program Files (x86)\\WinRAR\\rarext64.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\gz.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\bz2.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7z.fmt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\lzh.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.hlp",
"C:\\Program Files (x86)\\WinRAR\\*.lng",
"C:\\Program Files (x86)\\WinRAR\\os2.sfx",
"C:\\Program Files (x86)\\WinRAR\\Formats\\tar.fmt",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.cnt",
"C:\\Program Files (x86)\\WinRAR\\Formats\\arj.fmt",
"C:\\Program Files (x86)\\WinRAR\\rar_site.txt",
"C:\\Program Files (x86)\\WinRAR\\order.txt",
"C:\\Program Files (x86)\\WinRAR\\rarext.dll",
"C:\\Program Files (x86)\\WinRAR\\register.txt",
"C:\\Program Files (x86)\\WinRAR\\Dos.sfx",
"C:\\Program Files (x86)\\WinRAR\\Formats\\iso.fmt",
"C:\\Program Files (x86)\\WinRAR\\rarlng.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7zxa.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\cab.fmt",
"C:\\Program Files (x86)\\WinRAR\\RarExtLoader.exe",
"C:\\Program Files (x86)\\WinRAR\\Formats\\ace.fmt",
"C:\\Program Files (x86)\\WinRAR\\register.frm",
"C:\\Program Files (x86)\\WinRAR\\Formats\\unacev2.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\7za.dll",
"C:\\Program Files (x86)\\WinRAR\\Formats\\uue.fmt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\WinRAR SFX\\C%%Program Files (x86)%WinRAR"
]
},
"first_seen": 1578109986.811626,
"ppid": 2584
},
{
"process_path": "C:\\Windows\\SysWOW64\\cmd.exe",
"process_name": "cmd.exe",
"pid": 2584,
"summary": {
"dll_loaded": [
"ADVAPI32.dll",
"kernel32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0"
],
"command_line": [
"wrar380.exe \/s \/W",
"XCOPY \"rarreg.key\" \"C:\\Program Files (x86)\\WinRAR\" \/i \/r \/v \/k \/f \/c \/h \/y"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\AutoRun",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\LogFileName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\DefaultLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\SaferFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\PolicyScope",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Srp\\GP\\RuleCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\Levels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun"
],
"directory_enumerated": [
"C:\\Windows\\System32\\XCOPY.*",
"C:\\Python27\\Scripts\\XCOPY.*",
"C:\\Windows\\System32\\xcopy.COM",
"C:\\Users\\cuck\\AppData",
"C:\\Python27\\XCOPY",
"C:\\Python27\\Scripts\\XCOPY",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\XCOPY.*",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"C:\\Windows\\System32\\xcopy.exe",
"C:\\Python27\\XCOPY.*",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\XCOPY",
"C:\\Users\\cuck\\AppData\\Local"
]
},
"first_seen": 1578109986.625,
"ppid": 1516
},
{
"process_path": "C:\\Windows\\explorer.exe",
"process_name": "explorer.exe",
"pid": 1788,
"summary": {
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID"
],
"dll_loaded": [
"C:\\Windows\\system32\\xmllite.dll",
"C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll",
"MsftEdit.dll",
"POWRPROF.DLL"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData",
"C:\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\Public\\Documents\\desktop.ini",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\Public\\Pictures",
"C:\\Program Files (x86)\\windows media player\\wmplayer.exe",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\Public\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"c:\\program files (x86)\\mozilla firefox\\firefox.exe",
"C:\\Windows\\System32\\imageres.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"\\\\?\\PIPE\\samr",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\cuck\\Pictures",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Program Files (x86)\\windows media player\\en-US\\wmplayer.exe.mui",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\Windows\\System32\\DeviceCenter.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe",
"C:\\Windows\\resources\\Themes\\Aero\\Shell\\NormalColor\\ShellStyle.dll",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\Users\\cuck",
"c:\\program files (x86)\\internet explorer\\iexplore.exe",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Users\\cuck\\Desktop",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Windows\\System32\\en-US\\DeviceCenter.dll.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"c:\\program files (x86)\\internet explorer\\en-US\\iexplore.exe.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_CLASSES_ROOT\\Outlook.Application.12",
"HKEY_CLASSES_ROOT\\Outlook.Application.11",
"HKEY_CLASSES_ROOT\\Outlook.Application.10",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cmd.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ini",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\explorer.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_CLASSES_ROOT\\Outlook.Application",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8"
],
"file_written": [
"\\\\?\\PIPE\\samr"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\Desktop",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Python27\\pythonw.exe",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Program Files (x86)\\WinRAR\\Rar.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\Users\\Public",
"C:\\cuckoo_2844.ini",
"C:\\Users\\cuck\\Documents",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Windows\\explorer.exe",
"C:\\Users\\Public\\Documents",
"C:\\Users\\cuck",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.chm",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Program Files (x86)\\WinRAR",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ThumbCacheToDelete",
"C:\\Program Files (x86)\\WinRAR\\WinRAR.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk"
],
"mutex": [
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer",
"Local\\Shell.CMruPidlList",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex"
],
"file_failed": [
"C:\\cuckoo_2844.ini",
"C:\\cuckoo_1788.ini",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db"
],
"guid": [
"{6ccb7be0-6807-11d0-b810-00c04fd706ec}",
"{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}",
"{7cc7aed8-290e-49bc-8945-c1401cc9306c}",
"{fdada2fa-894d-47d8-ae78-adf1fd7f28df}",
"{54410b83-6787-4418-9735-5aaaabe83a9a}",
"{14ce31dc-abc2-484c-b061-cf3416aed8ff}",
"{8be2d872-86aa-4d47-b776-32cca40c7018}",
"{3ce74de4-53d3-4d74-8b83-431b3828ba53}",
"{ea69859a-db5b-4c4a-8a8f-ae9759027534}",
"{05a232fd-2bfb-4349-9d48-4787f317f50a}",
"{000214fa-0000-0000-c000-000000000046}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{b2952b16-0e07-4e5a-b993-58c52cb94cae}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{4657278a-411b-11d2-839a-00c04fd918d0}",
"{ae054212-3535-4430-83ed-d501aa6680e6}",
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{c3acefb5-f69d-4905-938f-fcadcf4be830}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{71d222e1-432f-429e-8c13-b6dafde5077a}",
"{db6efb73-5153-43b7-8078-c6ffc4c0238c}",
"{1c1800c1-3258-44c2-be80-3deadb6c5e39}",
"{00000146-0000-0000-c000-000000000046}",
"{cef04fdf-fe72-11d2-87a5-00c04f6837cf}",
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{6746c347-576b-4f73-9012-cdfeea251bc4}",
"{c0a6c367-c264-4385-a704-9088bdc3640e}",
"{de5bf786-477a-11d2-839d-00c04fd918d0}",
"{0c733a8a-2a1c-11ce-ade5-00aa0044773d}",
"{33c53a50-f456-4884-b049-85fd643ecfed}",
"{14074e0b-7216-4862-96e6-53cada442a56}",
"{111f7c32-0546-4227-8b7f-c53a0b114a0f}",
"{00000323-0000-0000-c000-000000000046}",
"{6e682784-1eca-4cf2-988d-96b6e89e9a4d}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{7d39402f-5b52-4b34-b528-b95f66927e1d}",
"{75121952-e0d0-43e5-9380-1d80483acf72}",
"{a4b544a1-438d-4b41-9325-869523e2d6c7}",
"{603d3800-bd81-11d0-a3a5-00c04fd706ec}",
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}",
"{8ded7393-5db1-475c-9e71-a39111b0ff67}",
"{1f02b6c5-7842-4ee6-8a0b-9a24183a95ca}",
"{f678fcde-eb44-4b6e-9b75-cc4a661f5263}",
"{bbd20037-bc0e-42f1-913f-e2936bb0ea0c}",
"{934d4698-6a59-48f8-9f29-9fb30670320e}",
"{64bc32b5-4eec-4de7-972d-bd8bd0324537}",
"{4df0c730-df9d-4ae3-9153-aa6b82e9795a}",
"{3c708557-c99d-4fa3-9231-56518418b4e4}",
"{1f3427c8-5c10-4210-aa03-2ee45287d668}",
"{9cfc2df3-6ba3-46ef-a836-e519e81f0ec4}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{f676c15d-596a-4ce2-8234-33996f445db1}",
"{4657278b-411b-11d2-839a-00c04fd918d0}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{ed6ae9cf-ad35-46b7-ac30-3f8b9eb5349f}",
"{000214e6-0000-0000-c000-000000000046}",
"{50ef4544-ac9f-4a8e-b21b-8a26180db13f}",
"{b8967f85-58ae-4f46-9fb2-5d7904798f4b}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{00000000-0000-0000-c000-000000000046}",
"{1685d4ab-a51b-4af1-a4e5-cee87002431d}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"\\\\?\\PIPE\\samr",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"C:\\Users\\Public\\Documents\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRecentDocsMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheSMP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{14074E0B-7216-4862-96E6-53CADA442A56} {000214FA-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMHelp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.SFGAOFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFavoritesMenu",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.FileName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\unregmp2.exe,-4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoChangeStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetHood",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\DisableProcessIsolation",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\DeviceCenter.dll,-1000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\LibraryDescriptionHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.FileAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F2-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84BA9C75-6C22-4590-9BDC-5584EADE039E}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CLSID\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{98D99750-0B8A-4C59-9151-589053683D73}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\UIStatus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_EnableDragDrop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetworkConnections",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Search\\SystemIndexNormalization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheTBP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\explorer.exe,-7021",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMorePrograms",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics_ShouldShow",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{59D6F31B-FA6B-4FBA-8AF3-197FF140C714}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\Upgrade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\System32\\ie4uinit.exe,-734",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.Kind",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IconPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\shellex\\IconHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoUserFolderInStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ForceRunOnStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DontLoadAuthUIInExplorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseInProcHandlerCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\OnlyMember",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IsPinnedToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\DisableProcessIsolation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{000214F9-0000-0000-C000-000000000046}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuNetworkPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\IconHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\sud.dll,-1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SearchFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNTSecurity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@\"%windir%\\System32\\ie4uinit.exe\",-732",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer"
]
},
"first_seen": 1578109988.561626,
"ppid": 1740
}
]Signatures
[
{
"markcount": 8,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109988.515125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 1714
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109988.937125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 2937
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109989.312125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 3103
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109989.328125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 3312
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109989.343125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 3459
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109989.343125,
"tid": 2440,
"flags": {}
},
"pid": 2844,
"type": "call",
"cid": 3598
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109991.342626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 3186
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1578109991.373626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 3194
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741685,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1578109985.812875,
"tid": 2732,
"flags": {}
},
"pid": 1512,
"type": "call",
"cid": 90
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 12,
"families": [],
"description": "Command line console output was observed",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0>",
"console_handle": "0x00000007"
},
"time": 1578109986.704,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 173
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "start",
"console_handle": "0x00000007"
},
"time": 1578109986.704,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 175
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": " \/wait wrar380.exe \/s \/W ",
"console_handle": "0x00000007"
},
"time": 1578109986.704,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 177
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0>",
"console_handle": "0x00000007"
},
"time": 1578110003.297,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 202
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "XCOPY",
"console_handle": "0x00000007"
},
"time": 1578110003.297,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 204
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": " \"rarreg.key\" \"C:\\Program Files (x86)\\WinRAR\" \/i \/r \/v \/k \/f \/c \/h \/y ",
"console_handle": "0x00000007"
},
"time": 1578110003.297,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 206
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0>",
"console_handle": "0x00000007"
},
"time": 1578110003.547,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 261
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "EXIT",
"console_handle": "0x00000007"
},
"time": 1578110003.547,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 263
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0",
"console_handle": "0x00000013"
},
"time": 1578110003.515,
"tid": 460,
"flags": {}
},
"pid": 2928,
"type": "call",
"cid": 28
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "\\rarreg.key -> C:\\Program Files (x86)\\Wi",
"console_handle": "0x00000013"
},
"time": 1578110003.515,
"tid": 460,
"flags": {}
},
"pid": 2928,
"type": "call",
"cid": 29
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "nRAR\\rarreg.key\r\n",
"console_handle": "0x00000013"
},
"time": 1578110003.515,
"tid": 460,
"flags": {}
},
"pid": 2928,
"type": "call",
"cid": 30
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "1 File(s) copied\r\n",
"console_handle": "0x00000013"
},
"time": 1578110003.531,
"tid": 460,
"flags": {}
},
"pid": 2928,
"type": "call",
"cid": 63
}
],
"references": [],
"name": "console_output"
},
{
"markcount": 1,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1578109986.265875,
"tid": 2500,
"flags": {}
},
"pid": 1512,
"type": "call",
"cid": 830
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 1,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\nb\n8\n1\n9\n0\n4\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0",
"registers": {
"r14": 237106680,
"r9": 0,
"rcx": 48,
"rsi": 237106680,
"r10": 0,
"rbx": 98185776,
"rdi": 236567232,
"r11": 192936176,
"r8": 2007859596,
"rdx": 8796092404304,
"rbp": 192933520,
"r15": 262145,
"r12": 262144,
"rsp": 192933400,
"rax": 45619456,
"r13": 192934913
},
"exception": {
"instruction_r": "83 3d 8d d1 02 00 00 68 53 12 69 fb c7 44 24 04",
"instruction": "cmp dword ptr [rip + 0x2d18d], 0",
"exception_code": "0xc0000005",
"symbol": "",
"address": "0x2b81904"
}
},
"time": 1578109997.295626,
"tid": 1296,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 9963
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 7,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1424,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74f21000"
},
"time": 1578109986.889626,
"tid": 3020,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 1424,
"type": "call",
"cid": 6
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74f21000"
},
"time": 1578109988.312125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 30
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x750c1000"
},
"time": 1578109988.312125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 68
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74651000"
},
"time": 1578109988.499125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 1659
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x745e1000"
},
"time": 1578109988.499125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 1669
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x745c1000"
},
"time": 1578109988.499125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 1673
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2844,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x745a1000"
},
"time": 1578109988.515125,
"tid": 2440,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2844,
"type": "call",
"cid": 1698
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 1,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer",
"free_bytes_available": 23458664448,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 0
},
"time": 1578109992.342626,
"tid": 2808,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4171
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 14,
"families": [],
"description": "Creates a shortcut to an executable file",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\Public\\Desktop\\WinRAR.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Desktop\\WinRAR.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\Console RAR manual.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\WinRAR.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WinRAR\\WinRAR help.lnk",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "creates_shortcut"
},
{
"markcount": 1,
"families": [],
"description": "Creates a suspicious process",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "cmd.exe \/c C:\\Users\\cuck\\AppData\\Local\\Temp\\bt8018.bat",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "suspicious_process"
},
{
"markcount": 2,
"families": [],
"description": "Drops a binary and executes it",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "dropper"
},
{
"markcount": 2,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\wrar380.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 8,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109992.467626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4394
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109992.483626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4422
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109992.873626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4820
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109993.092626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4898
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109993.311626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5183
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109993.577626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5695
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109993.577626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5710
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1578109993.811626,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 6105
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 495,
"families": [],
"description": "Potentially malicious URLs were found in the process memory dump",
"severity": 2,
"marks": [
{
"category": "url",
"ioc": "http:\/\/www.expedia.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/uk.ask.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.priceminister.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.iask.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/ocsp.infonotary.com\/responder.cgi0V",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.merlin.com.pl\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.cnet.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.certificadodigital.com.br\/repositorio\/serasaca\/crl\/SerasaCAII.crl0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.nifty.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/ns.adobe.com\/exif\/1.0\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.etmall.com.tw\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/crl.chambersign.org\/publicnotaryroot.crl0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.goo.ne.jp\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/fr.wikipedia.org\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/busca.estadao.com.br\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.hanafos.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.chol.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/purl.org\/rss\/1.0\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/amazon.fr\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.amazon.co.jp\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.mtv.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/busqueda.aol.com.mx\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.live.com\/results.aspx?FORM=SOLTDF",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/msdn.microsoft.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/msdn.microsoft.com\/workshop\/security\/privacy\/overview\/privacyimportxml.asp)",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.sify.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/yellowpages.superpages.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/suche.freenet.de\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/crl.chambersign.org\/chambersroot.crl0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.aol.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/browse.guardian.co.uk\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.mercadolibre.com.mx\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.asharqalawsat.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.facebook.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/si.wikipedia.org\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.rtl.de\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.msn.com\/results.aspx?q=",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.microsoft.com.",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.naver.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/fedir.comsign.co.il\/cacert\/ComSignAdvancedSecurityCA.crt0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/crl.usertrust.com\/UTN-USERFirst-NetworkApplications.crl0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "https:\/\/www.netlock.net\/docs",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/en.wikipedia.org\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/si.wikipedia.org\/w\/api.php?action=opensearch",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.signatur.rtr.at\/de\/directory\/cps.html0",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/udn.com\/favicon.ico",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/rover.ebay.com",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/search.ebay.fr\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/www.univision.com\/",
"type": "ioc",
"description": null
},
{
"category": "url",
"ioc": "http:\/\/pt.wikipedia.org\/w\/api.php?action=opensearch",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "memdump_urls"
},
{
"markcount": 1,
"families": [],
"description": "Installs itself for autorun at Windows startup",
"severity": 3,
"marks": [
{
"type": "generic",
"reg_key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B41DB860-64E4-11D2-9906-E49FADC173CA}\\InProcServer32\\(Default)",
"reg_value": "C:\\Program Files (x86)\\WinRAR\\rarext64.dll"
}
],
"references": [],
"name": "persistence_autorun"
},
{
"markcount": 2,
"families": [],
"description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000014c0",
"value": "\u0014\u0000\u0000\u0000\u0005\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0010\u0000\u0000\u0000\u0014\u0000\u0000\u0000IL \u0006\u0010\u0000$\u0000\u0018\u0000\u0010\u0000\u0010\u0000\u00ff\u00ff\u00ff\u00ff!\u0010\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ffBM6\u0000\u0000\u0000\u0000\u0000\u0000\u00006\u0000\u0000\u0000(\u0000\u0000\u0000\u0010\u0000\u0000\u0000@\u0002\u0000\u0000\u0001\u0000 \u0000\u0000\u0000\u0000\u0000\u0000\u0090\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream"
},
"time": 1578109996.420626,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 9360
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000001e0",
"value": "\u0014\u0000\u0000\u0000\u0007\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0004\u0000\u0000\u0000\u0014\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e4\u0007\u0001\u0000F\u0000b\u0000y\u0000i\u0000r\u0000 \u0000C\u0000P\u0000 \u0000v\u0000f\u0000f\u0000h\u0000r\u0000f\u0000:\u0000 \u00001\u0000 \u0000z\u0000r\u0000f\u0000f\u0000n\u0000t\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000v\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00b3\u0086;4\u00e6\u00ee\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e4\u0007\u0001\u0000F\u0000c\u0000r\u0000n\u0000x\u0000r\u0000e\u0000f\u0000:\u0000 \u00006\u00007\u0000%\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000f\u0000\u0000\u0000s\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0086\u00e2\u009e\u00956\u0005\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000}\u00c0\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u00e4\u0007\u0001\u0000H\u0000a\u0000v\u0000q\u0000r\u0000a\u0000g\u0000v\u0000s\u0000v\u0000r\u0000q\u0000 \u0000a\u0000r\u0000g\u0000j\u0000b\u0000e\u0000x\u0000 \u0000A\u0000b\u0000 \u0000V\u0000a\u0000g\u0000r\u0000e\u0000a\u0000r\u0000g\u0000 \u0000n\u0000p\u0000p\u0000r\u0000f\u0000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams"
},
"time": 1578109996.420626,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 9362
}
],
"references": [],
"name": "creates_largekey"
},
{
"markcount": 1,
"families": [],
"description": "Deletes executed files from disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\install.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "deletes_executed_files"
},
{
"markcount": 2,
"families": [],
"description": "Resumed a suspended thread in a remote process potentially indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2584 resumed a thread in remote process 1424",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000120",
"suspend_count": 0,
"process_identifier": 1424
},
"time": 1578110003.297,
"tid": 2576,
"flags": {}
},
"pid": 2584,
"type": "call",
"cid": 186
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_resumethread"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.080759048461914,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5874,
"time": 9.203509092330933,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7718,
"time": 3.008716106414795,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8046,
"time": 1.037282943725586,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8374,
"time": 3.0197880268096924,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8702,
"time": 1.5352709293365479,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9030,
"time": -0.09081697463989258,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 9358,
"time": 1.563194990158081,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28768,
"time": 1.0708930492401123,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 37152,
"time": 3.1104331016540527,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "ff8c781699fc0b30dce48d72185eb38968aca44f0284e88aa105f7f21b654ac4",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "206acd73a2f27c1850b2ad647af35ff0a09e564f8df9e53259b6717a4f744a2d",
"irc": [],
"https_ex": []
}Screenshots
WINRAR380.exe removal instructions
The instructions below shows how to remove WINRAR380.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the WINRAR380.exe file for removal, restart your computer and scan it again to verify that WINRAR380.exe has been successfully removed. Here are the removal instructions in more detail:
- Download and install FreeFixer: http://www.freefixer.com/download.html
- Start FreeFixer and press the Start Scan button. The scan will finish in approximately five minutes.
- When the scan is finished, locate WINRAR380.exe in the scan result and tick the checkbox next to the WINRAR380.exe file. Do not check any other file for removal unless you are 100% sure you want to delete it. Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate WINRAR380.exe in the scan result.
c:\downloads\WINRAR380.exe 
- Scroll down to the bottom of the scan result and press the Fix button. FreeFixer will now delete the WINRAR380.exe file.
- Restart your computer.
- Start FreeFixer and scan your computer again. If WINRAR380.exe still remains in the scan result, proceed with the next step. If WINRAR380.exe is gone from the scan result you're done.
- If WINRAR380.exe still remains in the scan result, check its checkbox again in the scan result and click Fix.
- Restart your computer.
- Start FreeFixer and scan your computer again. Verify that WINRAR380.exe no longer appear in the scan result.
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 6e34868e713a8e8fe2959aac0dd4ab78 |
| SHA256 | 5ff2e88765e13c83eda17264d13b8c4bafad1554f9b5ede70cc02ac21b069b06 |
Error Messages
These are some of the error messages that can appear related to winrar380.exe:
winrar380.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
winrar380.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
winrar380.exe has stopped working.
End Program - winrar380.exe. This program is not responding.
winrar380.exe is not a valid Win32 application.
winrar380.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with WINRAR380.exe?
To help other users, please let us know what you will do with WINRAR380.exe:
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.